NSX-T Data Center REST API
Deprecated Types
The following API types are deprecated in this version. Deprecated types continue to function, but may be removed in a future NSX version.
AddressBindingEntry (schema) (Deprecated)
Combination of IP-MAC-VLAN binding
An address binding entry is a combination of the IP-MAC-VLAN binding for
a logical port. The address bindings can be obtained via various methods
like ARP snooping, DHCP snooping etc. or by user configuration.
Name | Description | Type | Notes |
---|---|---|---|
binding | Combination of IP-MAC-VLAN binding | PacketAddressClassifier | |
binding_timestamp | Timestamp of binding. Timestamp at which the binding was discovered via snooping or manually specified by the user. | EpochMsTimestamp | |
source | Address binding source. Source from which the address binding entry was obtained. | AddressBindingSource | Default: "UNKNOWN" |
AddressBindingSource (schema) (Deprecated)
Source from which the address binding is obtained
Name | Description | Type | Notes |
---|---|---|---|
AddressBindingSource | Source from which the address binding is obtained | string | Deprecated Enum: INVALID, UNKNOWN, USER_DEFINED, ARP_SNOOPING, DHCP_SNOOPING, VM_TOOLS, ND_SNOOPING, DHCPV6_SNOOPING, VM_TOOLS_V6 |
AssignedByDhcp (schema) (Deprecated)
DHCP based IP assignment.
This type can be specified in ip assignment spec of host switch if DHCP based IP assignment is desired for host switch virtual tunnel endpoints.
Name | Description | Type | Notes |
---|---|---|---|
resource_type | Must be set to the value AssignedByDhcp | string | Required Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec, NoIpv4 |
AttachedInterface (schema) (Deprecated)
Attached interface specification for Bare metal server
The Attached interface is only effective for the port on Bare metal server.
Name | Description | Type | Notes |
---|---|---|---|
app_intf_name | The name of application interface | string | Required |
default_gateway | Gateway IP | IPAddress | |
migrate_intf | Interface name to migrate. IP configuration on migrate_intf will migrate to app_intf_name. It is used for Management and Application sharing the same IP. | string | |
routing_table | Routing rules | array of string | |
AttachmentContext (schema) (Deprecated)
This is an abstract type. Concrete child types:
L2VpnAttachmentContext
VifAttachmentContext
Name | Description | Type | Notes |
---|---|---|---|
allocate_addresses | A flag to indicate whether to allocate addresses from allocation pools bound to the parent logical switch. | string | Enum: IpPool, MacPool, Both, None, Dhcp, DhcpV6, SLAAC |
resource_type | Used to identify which concrete class it is | string | Required |
AttachmentType (schema) (Deprecated)
Type of attachment for logical port.
Name | Description | Type | Notes |
---|---|---|---|
AttachmentType | Type of attachment for logical port. | string | Deprecated Enum: VIF, LOGICALROUTER, BRIDGEENDPOINT, DHCP_SERVICE, METADATA_PROXY, L2VPN_SESSION, L2FORWARDER |
AttachmentTypeQueryString (schema) (Deprecated)
Type of attachment for logical port; for query only.
Name | Description | Type | Notes |
---|---|---|---|
AttachmentTypeQueryString | Type of attachment for logical port; for query only. | string | Deprecated Enum: VIF, LOGICALROUTER, BRIDGEENDPOINT, DHCP_SERVICE, METADATA_PROXY, L2VPN_SESSION, NONE |
BaseHostSwitchProfile (schema) (Deprecated)
This is an abstract type. Concrete child types:
ExtraConfigHostSwitchProfile
LldpHostSwitchProfile
NiocProfile
UplinkHostSwitchProfile
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value BaseHostSwitchProfile | HostSwitchProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
BaseSwitchingProfile (schema) (Deprecated)
This is an abstract type. Concrete child types:
IpDiscoverySwitchingProfile
MacManagementSwitchingProfile
QosSwitchingProfile
SpoofGuardSwitchingProfile
SwitchSecuritySwitchingProfile
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value BaseSwitchingProfile | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
BfdHealthMonitoringProfile (schema) (Deprecated)
Profile for BFD health monitoring
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
enabled | Whether the heartbeat is enabled. A POST or PUT request with "enabled" false (with no probe intervals) will set (POST) or reset (PUT) the probe_interval to their default value. | boolean | Required |
id | Unique identifier of this resource | string | Sortable |
latency_enabled | Whether the latency is enabled. The flag is to turn on/off latency. A POST or PUT request with "latency_enabled" true will enable NSX to send the networking latency data to third-party monitoring tools like vRNI. | boolean | |
probe_interval | The time interval (in millisec) between probe packets for tunnels between transport nodes. | integer | Minimum: 300 Default: "1000" |
resource_type | Must be set to the value BfdHealthMonitoringProfile | string | Required Enum: BfdHealthMonitoringProfile |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
BpduFilter (schema) (Deprecated)
BPDU filter configuration
Name | Description | Type | Notes |
---|---|---|---|
enabled | Indicates whether BPDU filter is enabled | boolean | Required |
white_list | Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering | array of string | Minimum items: 0 Maximum items: 32 |
BridgeHighAvailabilityClusterProfile (schema) (Deprecated)
Profile for BFD HA cluster setting
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
bfd_probe_interval | The time interval (in millisec) between probe packets for heartbeat purpose | integer | Minimum: 300 Maximum: 60000 Default: "1000" |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
enable | Whether the heartbeat is enabled | boolean | Default: "True" |
id | Unique identifier of this resource | string | Sortable |
resource_type | Must be set to the value BridgeHighAvailabilityClusterProfile | ClusterProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCommunicationEntry (schema) (Deprecated)
Wrapper object for CommunicationEntry
Child wrapper object for CommunicationEntry, used in hierarchical API. This type is deprecated. Use the type ChildRule instead.
Name | Description | Type | Notes |
---|---|---|---|
CommunicationEntry | CommunicationEntry. Contains the actual CommunicationEntry object. | CommunicationEntry | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion. If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types): PolicyRequestParameter, SegmentRequestParameter, TraceflowRequestParameter | |
resource_type | Must be set to the value ChildCommunicationEntry | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCommunicationMap (schema) (Deprecated)
Wrapper object for CommunicationMap
Child wrapper object for CommunicationMap, used in hierarchical API. This type is deprecated. Use the type ChildSecurityPolicy instead.
Name | Description | Type | Notes |
---|---|---|---|
CommunicationMap | CommunicationMap. Contains the actual CommunicationMap object. | CommunicationMap | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion. If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types): PolicyRequestParameter, SegmentRequestParameter, TraceflowRequestParameter | |
resource_type | Must be set to the value ChildCommunicationMap | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDeploymentZone (schema) (Deprecated)
Wrapper object for DeploymentZone
Child wrapper object for DeploymentZone, used in hierarchical API
Name | Description | Type | Notes |
---|---|---|---|
DeploymentZone | DeploymentZone. Contains the actual DeploymentZone object | DeploymentZone | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion. If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types): PolicyRequestParameter, SegmentRequestParameter, TraceflowRequestParameter | |
resource_type | Must be set to the value ChildDeploymentZone | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildForwardingPolicy (schema) (Deprecated)
Wrapper object for children of type ForwardingPolicy
Child wrapper object for ForwardingPolicy used in Hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
ForwardingPolicy | ForwardingPolicy. Contains actual ForwardingPolicy. | ForwardingPolicy | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion. If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types): PolicyRequestParameter, SegmentRequestParameter, TraceflowRequestParameter | |
resource_type | Must be set to the value ChildForwardingPolicy | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildForwardingRule (schema) (Deprecated)
Wrapper object for ForwardingRule
Child wrapper object for ForwardingRule used in Hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
ForwardingRule | ForwardingRule. Contains actual ForwardingRule. | ForwardingRule | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion. If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types): PolicyRequestParameter, SegmentRequestParameter, TraceflowRequestParameter | |
resource_type | Must be set to the value ChildForwardingRule | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2Vpn (schema) (Deprecated)
Wrapper object for L2Vpn
Child wrapper object for L2Vpn, used in hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
L2Vpn | L2Vpn. Contains the actual L2Vpn object. | L2Vpn | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter | |
resource_type | Must be set to the value ChildL2Vpn | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2VpnContext (schema) (Deprecated)
Wrapper object for L2VpnContext
Child wrapper object for L2VpnContext, used in hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
L2VpnContext | L2VpnContext Contains the actual L2VpnContext object. | L2VpnContext | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter | |
resource_type | Must be set to the value ChildL2VpnContext | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL3Vpn (schema) (Deprecated)
Wrapper object for L3Vpn
Child wrapper object for L3Vpn, used in hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
L3Vpn | L3Vpn Contains the actual L3Vpn object. | L3Vpn | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter | |
resource_type | Must be set to the value ChildL3Vpn | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL3VpnContext (schema) (Deprecated)
Wrapper object for L3VpnContext
Child wrapper object for L3VpnContext, used in hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
L3VpnContext | L3VpnContext Contains the actual L3VpnContext object. | L3VpnContext | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter | |
resource_type | Must be set to the value ChildL3VpnContext | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBClientSslProfile (schema) (Deprecated)
Wrapper object for LBClientSslProfile
Child wrapper for LBClientSslProfile, used in hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
LBClientSslProfile | LBClientSslProfile Contains the actual LBClientSslProfile object. | LBClientSslProfile | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter | |
resource_type | Must be set to the value ChildLBClientSslProfile | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBMonitorProfile (schema) (Deprecated)
Wrapper object for LBMonitorProfile
Child wrapper for LBMonitorProfile, used in hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
LBMonitorProfile | LBMonitorProfile Contains the actual LBMonitorProfile object. | LBMonitorProfile (Abstract type: pass one of the following concrete types) LBActiveMonitor LBHttpMonitorProfile LBHttpsMonitorProfile LBIcmpMonitorProfile LBPassiveMonitorProfile LBTcpMonitorProfile LBUdpMonitorProfile | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter | |
resource_type | Must be set to the value ChildLBMonitorProfile | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBServerSslProfile (schema) (Deprecated)
Wrapper object for LBServerSslProfile
Child wrapper for LBServerSslProfile, used in hierarchical API.
Name | Description | Type | Notes |
---|---|---|---|
LBServerSslProfile | LBServerSslProfile Contains the actual LBServerSslProfile object. | LBServerSslProfile | Required |
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with all its children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with all its children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. | boolean | Default: "False" |
request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter | |
resource_type | Must be set to the value ChildLBServerSslProfile | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ClasslessStaticRoute (schema) (Deprecated)
DHCP classless static route option
DHCP classless static route option.
Name | Description | Type | Notes |
---|---|---|---|
network | Destination in CIDR Destination network in CIDR format. | IPElement | Required |
next_hop | Router IP address of next hop of the route. | IPAddress | Required |
ClientAuthType (schema) (Deprecated)
client authentication mode
Client authentication can be REQUIRED or IGNORE.
REQUIRED means that the client is required to present its
certificate to the server for authentication. To be accepted, the client
certificate must be signed by one of the trusted Certificate
Authorities (CAs), also referred to as root CAs, whose self-signed
certificates are specified in the same client SSL profile binding.
IGNORE means that the client certificate is ignored.
Name | Description | Type | Notes |
---|---|---|---|
ClientAuthType | client authentication mode Client authentication can be REQUIRED or IGNORE. REQUIRED means that the client is required to present its certificate to the server for authentication. To be accepted, the client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self-signed certificates are specified in the same client SSL profile binding. IGNORE means that the client certificate is ignored. | string | Deprecated Enum: REQUIRED, IGNORE |
ClientSslProfileBinding (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
certificate_chain_depth | the maximum traversal depth of client certificate chain authentication depth is used to set the verification depth in the client certificates chain. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
client_auth | client authentication mode | ClientAuthType | Default: "IGNORE" |
client_auth_ca_ids | CA identifier list to verify client certificate If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. | array of string | |
client_auth_crl_ids | CRL identifier list to verify client certificate A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates. | array of string | |
default_certificate_id | default service certificate identifier A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. | string | Required |
sni_certificate_ids | SNI certificate identifier list Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. | array of string | |
ssl_profile_id | client SSL profile identifier Client SSL profile defines reusable, application-independent client side SSL properties. | string | |
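An added example (not part of the NSX reference): a Python check that applies the defaults and constraints documented in the ClientAuthType and ClientSslProfileBinding tables above to a binding payload and flags settings that leave client certificates unverified. The function names, finding codes and sample payloads are constructed for illustration; the page does not say which of these combinations the API itself rejects.

```python
"""Audit ClientSslProfileBinding payloads against the documented fields.

Added example. Finding codes and sample payloads are constructed, not NSX output.
"""
from typing import Any, Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, code, message)

CLIENT_AUTH_VALUES = {"REQUIRED", "IGNORE"}          # ClientAuthType enum
DEPTH_MIN, DEPTH_MAX, DEPTH_DEFAULT = 1, 2147483647, 3
ID_LISTS = ("client_auth_ca_ids", "client_auth_crl_ids", "sni_certificate_ids")


def effective_binding(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of the payload with the documented defaults filled in."""
    binding = dict(raw)
    binding.setdefault("client_auth", "IGNORE")
    binding.setdefault("certificate_chain_depth", DEPTH_DEFAULT)
    for key in ID_LISTS:
        binding.setdefault(key, [])
    return binding


def audit_binding(raw: Dict[str, Any]) -> List[Finding]:
    """Check one binding; schema violations are 'error', weak settings 'warn'."""
    b = effective_binding(raw)
    out: List[Finding] = []

    cert_id = b.get("default_certificate_id")
    if not isinstance(cert_id, str) or not cert_id:
        out.append(("error", "MISSING_DEFAULT_CERT",
                    "default_certificate_id is Required"))

    depth = b["certificate_chain_depth"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if (isinstance(depth, bool) or not isinstance(depth, int)
            or not DEPTH_MIN <= depth <= DEPTH_MAX):
        out.append(("error", "DEPTH_OUT_OF_RANGE",
                    f"certificate_chain_depth must be {DEPTH_MIN}..{DEPTH_MAX}"))

    for key in ID_LISTS:
        value = b[key]
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            out.append(("error", "BAD_ID_LIST", f"{key} must be an array of string"))
            b[key] = []  # treat as empty for the checks below

    mode = b["client_auth"]
    if not isinstance(mode, str) or mode not in CLIENT_AUTH_VALUES:
        out.append(("error", "INVALID_CLIENT_AUTH",
                    "client_auth must be REQUIRED or IGNORE"))
    elif mode == "IGNORE":
        how = "explicitly" if "client_auth" in raw else "by default"
        out.append(("warn", "CLIENT_CERT_IGNORED",
                    f"client_auth is IGNORE ({how}): client certificates are ignored"))
        if b["client_auth_ca_ids"] or b["client_auth_crl_ids"]:
            out.append(("warn", "TRUST_LISTS_UNUSED",
                        "CA/CRL ids are set but client certificates are ignored"))
    else:  # REQUIRED
        if not b["client_auth_ca_ids"]:
            out.append(("error", "REQUIRED_WITHOUT_CA",
                        "client_auth is REQUIRED but client_auth_ca_ids is empty"))
        if not b["client_auth_crl_ids"]:
            out.append(("warn", "NO_CRL",
                        "no CRL configured: compromised client certificates "
                        "are not disallowed"))
    return out


def finding_codes(raw: Dict[str, Any]) -> List[str]:
    """Convenience wrapper: only the finding codes, in check order."""
    return [code for _sev, code, _msg in audit_binding(raw)]


# Constructed sample payloads (identifiers are placeholders).
SAMPLE_BINDINGS = {
    "defaults-only": {"default_certificate_id": "cert-web"},
    "mtls-no-anchor": {"default_certificate_id": "cert-api",
                       "client_auth": "REQUIRED"},
    "mtls-ok": {"default_certificate_id": "cert-api",
                "client_auth": "REQUIRED",
                "client_auth_ca_ids": ["ca-internal"],
                "client_auth_crl_ids": ["crl-internal"],
                "certificate_chain_depth": 2},
    "stale-trust": {"default_certificate_id": "cert-web",
                    "client_auth": "IGNORE",
                    "client_auth_ca_ids": ["ca-internal"]},
    "malformed": {"client_auth": "OPTIONAL", "certificate_chain_depth": 0},
}

if __name__ == "__main__":
    for name, payload in SAMPLE_BINDINGS.items():
        findings = audit_binding(payload)
        print(f"{name}: {'clean' if not findings else ''}")
        for severity, code, message in findings:
            print(f"  [{severity}] {code}: {message}")
```

Because `client_auth` defaults to "IGNORE", a binding that omits the field is reported the same way as one that sets IGNORE explicitly, with the message noting which case applies.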
ClusterProfileTypeIdEntry (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
profile_id | key value | string | Required |
resource_type | ClusterProfileType |
CommunicationEntry (schema) (Deprecated)
A communication entry specifies the security policy between the workload groups
A communication entry indicates the action to be performed for various types of traffic flowing between workload groups. This type is deprecated. Use the type Rule instead.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
action | Action The action to be applied to all the services. | string | Enum: ALLOW, DROP, REJECT |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. | array of string | Maximum items: 128 |
direction | Direction Define direction of traffic. | string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
disabled | Flag to deactivate the rule Flag to deactivate the rule. Default is activated. | boolean | Default: "False" |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
logged | Enable logging flag Flag to enable packet logging. Default is deactivated. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
notes | Text for additional notes on changes Text for additional notes on changes. | string | |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value CommunicationEntry | string | |
scope | The list of policy paths where the communication entry is applied: Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied on multiple LRs/LRPs. | array of string | Maximum items: 128 |
sequence_number | Sequence number of this CommunicationEntry. This field is used to resolve conflicts between multiple CommunicationEntries under the CommunicationMap for a Domain. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple communication entries with the same sequence number, their order is not deterministic. If a specific order of communication entries is desired, one has to specify unique sequence numbers or use a POST request on the communication entry entity with the query parameter action=revise to let the framework assign a sequence number. | int | |
services | Names of services. In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. An error will be thrown if ANY is used in conjunction with other values. | array of string | Maximum items: 128 |
source_groups | Source group paths. We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. An error will be thrown if ANY is used in conjunction with other values. | array of string | Maximum items: 128 |
tag | Tag applied on the communication entry. User level field which will be printed in CLI and packet logs. | string | Maximum length: 32 |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
CommunicationEntryInsertParameters (schema) (Deprecated)
Parameters to tell where communication entry needs to be placed
Parameters to let the admin specify a relative position of a communication
entry with respect to another one in the same communication map. If the
communication entry specified in the anchor_path belongs to another
communication map, an error will be thrown.
This type is deprecated. Use the type RuleInsertParameters instead.
Name | Description | Type | Notes |
---|---|---|---|
anchor_path | The communication map/communication entry path if operation is 'insert_after' or 'insert_before' | string | |
operation | Operation | string | Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top" |
CommunicationEntryListRequestParameters (schema) (Deprecated)
CommunicationEntry list request parameters
This type is deprecated. Use the type RuleListRequestParameters instead.
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
include_mark_for_delete_objects | Include objects that are marked for deletion in results. If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result. Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
CommunicationEntryListResult (schema) (Deprecated)
Paged Collection of CommunicationEntries
This type is deprecated. Use the type RuleListResult instead.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | CommunicationEntry list results | array of CommunicationEntry | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
CommunicationInsertParameters (schema) (Deprecated)
Parameters to tell where communication map/communication entry needs to be placed
Parameters to let the admin specify a relative position of a communication
map or communication entry with respect to another one.
This type is deprecated. Use the type RuleInsertParameters instead.
Name | Description | Type | Notes |
---|---|---|---|
anchor_path | The communication map/communication entry path if operation is 'insert_after' or 'insert_before' | string | |
operation | Operation | string | Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top" |
CommunicationMap (schema) (Deprecated)
Contains ordered list of CommunicationEntries
Ordered list of CommunicationEntries. This object is created by default
along with the Domain.
This type is deprecated. Use the type SecurityPolicy instead.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
category | A way to classify a communication map, if needed. - Distributed Firewall - Policy framework for Distributed Firewall provides four pre-defined categories for classifying a communication map. They are "Emergency", "Infrastructure", "Environment" and "Application". Amongst the layer 3 communication maps, there is a pre-determined order in which the policy framework manages the priority of these communication maps. Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a communication map into the above categories or can choose to leave it empty. If empty it will have the least precedence with respect to the above four layer 3 categories. | string | |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildCommunicationEntry | |
communication_entries | CommunicationEntries that are a part of this CommunicationMap | array of CommunicationEntry | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and the intent object is deleted only when all the realized entities for it have been deleted. Objects that are marked for deletion are not returned in GET calls. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
precedence | Precedence to resolve conflicts across Domains. This field is used to resolve conflicts between communication maps across domains. In order to change the precedence of a communication map, one can fire a POST request on the communication map entity with the query parameter action=revise. The precedence field will reflect the value of the computed precedence upon execution of the above-mentioned POST request. For scenarios where the administrator is using a template to update several communication maps, the only way to set the precedence is to explicitly specify the precedence number for each communication map. If no precedence is specified in the payload, a value of 0 is assigned by default. If there are multiple communication maps with the same precedence, their order is not deterministic. If a specific order of communication maps is desired, one has to specify a unique precedence or use a POST request on the communication map entity with the query parameter action=revise to let the framework assign a precedence. | int | |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases it can be different because entities migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. The realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in the multi-site scenario. Currently it is supported only for LM objects. When an LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on the local site-name and uses the /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value CommunicationMap | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
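The ordering and wildcard rules stated above for CommunicationEntry (sequence_number, the "ANY" constant, tag length) and for CommunicationMap (precedence) can be checked before a payload is sent. The following is an added example, not part of the NSX documentation or product; the object paths and the sample payload are constructed for illustration, and only field names that appear in the tables above are used.

```python
"""Pre-flight audit of deprecated CommunicationMap payloads (added example)."""
from collections import defaultdict

MAX_ITEMS = 128    # "Maximum items: 128" on services, source_groups and scope
MAX_TAG_LEN = 32   # "Maximum length: 32" on tag


def collisions(objects, field):
    """Group object paths by ordering value; return only values that collide.

    A missing value counts as 0, the documented default, so two objects that
    both omit the field collide with each other and with an explicit 0.
    """
    by_value = defaultdict(list)
    for obj in objects:
        value = obj.get(field)
        by_value[0 if value is None else value].append(obj["path"])
    return {v: sorted(p) for v, p in by_value.items() if len(p) > 1}


def entry_findings(entry):
    """Check one CommunicationEntry; findings are (code, entry_path, field)."""
    found = []
    for field in ("services", "source_groups"):
        values = entry.get(field) or []
        has_any = any(isinstance(v, str) and v.upper() == "ANY" for v in values)
        if has_any and len(values) > 1:   # "ANY" must be the only element
            found.append(("ANY_NOT_ALONE", entry["path"], field))
    for field in ("services", "source_groups", "scope"):
        if len(entry.get(field) or []) > MAX_ITEMS:
            found.append(("TOO_MANY_ITEMS", entry["path"], field))
    if len(entry.get("tag") or "") > MAX_TAG_LEN:
        found.append(("TAG_TOO_LONG", entry["path"], "tag"))
    return found


def audit(maps):
    """Return all findings for a list of CommunicationMap dicts.

    Ordering findings are (code, colliding_value, [paths]); their relative
    evaluation order is documented as not deterministic.
    """
    found = []
    for value, paths in sorted(collisions(maps, "precedence").items()):
        found.append(("DUP_PRECEDENCE", value, paths))
    for cmap in maps:
        entries = cmap.get("communication_entries") or []
        for value, paths in sorted(collisions(entries, "sequence_number").items()):
            found.append(("DUP_SEQUENCE", value, paths))
        for entry in entries:
            found.extend(entry_findings(entry))
    return found


# Constructed sample data: paths and IDs are illustrative only.
PROD = "/infra/domains/prod/communication-maps/cm-prod"
SAMPLE_MAPS = [
    {
        "path": PROD,
        "precedence": 10,
        "communication_entries": [
            {"path": PROD + "/communication-entries/allow-ntp",
             "sequence_number": 10,
             "services": ["ANY"], "source_groups": ["ANY"],
             "tag": "x" * 33},                       # one character too long
            {"path": PROD + "/communication-entries/allow-dns",
             # sequence_number omitted -> defaults to 0
             "services": ["/infra/services/DNS"],
             "source_groups": ["/infra/domains/prod/groups/clients"]},
            {"path": PROD + "/communication-entries/allow-web",
             "sequence_number": 0,                   # collides with allow-dns
             "services": ["any", "/infra/services/HTTPS"],  # ANY plus another value
             "source_groups": ["/infra/domains/prod/groups/clients"],
             "scope": ["/infra/tier-1s/t1-prod"]},
        ],
    },
    {"path": "/infra/domains/dev/communication-maps/cm-dev"},  # precedence omitted
    {"path": "/infra/domains/test/communication-maps/cm-test", "precedence": 0},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAPS):
        print(finding)
```

A duplicate-ordering finding means the effective rule order on the data path is not guaranteed, so it is worth resolving before relying on an allow/deny sequence.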
CommunicationMapInsertParameters (schema) (Deprecated)
Parameters to tell where communication map needs to be placed
Parameters to let the admin specify a relative position of a communication
map with respect to another one.
This type is deprecated. Use the type SecurityPolicyInsertParameters instead.
Name | Description | Type | Notes |
---|---|---|---|
anchor_path | The communication map/communication entry path if operation is 'insert_after' or 'insert_before' | string | |
operation | Operation | string | Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top" |
CommunicationMapListRequestParameters (schema) (Deprecated)
CommunicationMap list request parameters
This type is deprecated. Use the type SecurityPolicyListRequestParameters instead.
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
include_mark_for_delete_objects | Include objects that are marked for deletion in results. If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result. Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
CommunicationMapListResult (schema) (Deprecated)
Paged Collection of Communication map
This type is deprecated. Use the type SecurityPolicyListResult instead.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | CommunicationMap list results | array of CommunicationMap | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
ConditionalForwarderZone (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
domain_names | Domain names of a forwarder zone. A forwarder domain name should be a valid FQDN. If reverse lookup is needed for this zone, a reverse lookup domain name like X.in-addr.arpa can be defined. Here the X represents a subnet. | array of string | Required Minimum items: 1 Maximum items: 100 |
source_ip | Source ip of the forwarder. The source ip used by the forwarder of the zone. If no source ip is specified, the ip address of the listener of the DNS forwarder will be used. | IPv4Address | |
upstream_servers | Ips of upstream DNS servers. Ip address of the upstream DNS servers the DNS forwarder accesses. | array of IPv4Address | Required Minimum items: 1 Maximum items: 3 |
CookiePersistenceModeType (schema) (Deprecated)
cookie persistence mode
If the persistence cookie is found in the incoming request, value of the
cookie is used to identify the server that this request should be sent to.
If the cookie is not found, then the server selection algorithm is used to
select a new server to handle that request.
Three different modes of cookie persistence are supported: insert, prefix
and rewrite.
In cookie insert mode, a cookie is inserted by load balancer in the HTTP
response going from server to client.
In cookie prefix and rewrite modes, server controls the cookie and load
balancer only manipulates the value of the cookie. In prefix mode, server's
cookie value is prepended with the server IP and port and then sent to the
client. In rewrite mode, entire server's cookie value is replaced with the
server IP and port in the response before sending it to the client.
Name | Description | Type | Notes |
---|---|---|---|
CookiePersistenceModeType | cookie persistence mode | string | Deprecated Enum: INSERT, PREFIX, REWRITE |
CookieTimeType (schema) (Deprecated)
Snat translation type
Both session cookie and persistence cookie are supported.
Use LbSessionCookieTime for session cookie time setting.
Use LbPersistenceCookieTime for persistence cookie time setting.
Name | Description | Type | Notes |
---|---|---|---|
CookieTimeType | Snat translation type | string | Deprecated Enum: LbSessionCookieTime, LbPersistenceCookieTime |
CpuCoreConfigForEnhancedNetworkingStackSwitch (schema) (Deprecated)
Enhanced Networking Stack CPU configuration
Non Uniform Memory Access (NUMA) nodes and Logical cpu cores (Lcores) per NUMA node configuration for Enhanced Networking Stack enabled HostSwitch.
Name | Description | Type | Notes |
---|---|---|---|
num_lcores | Number of Logical cpu cores (Lcores) to be placed on a specified NUMA node | int | Required Minimum: 1 |
numa_node_index | Unique index of the Non Uniform Memory Access (NUMA) node | int | Required Minimum: 0 |
DVSConfig (schema) (Deprecated)
The DVS Configuration
Name | Description | Type | Notes |
---|---|---|---|
host_infra_traffic_res | Resource allocation associated with NiocProfile. host_infra_traffic_res specifies bandwidth allocation for various traffic resources. | array of ResourceAllocation | |
lacp_group_configs | Array of Link Aggregation Control Protocol (LACP) configuration. It contains information about VMware specific multiple dynamic LACP groups. | array of LacpGroupConfigInfo | |
lldp_send_enabled | Enabled or disabled sending LLDP packets | boolean | Default: "False" |
mtu | Maximum Transmission Unit used for uplinks | int | Minimum: 1600 |
name | The DVS name | string | Required |
uplink_port_names | Uplink port names. Names of uplink ports for this DVS. | array of string | Required Minimum items: 1 |
uuid | The DVS uuid | string | |
DeploymentZone (schema) (Deprecated)
Deployment zone
Logical grouping of enforcement points.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use Site.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildEnforcementPoint | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
enforcement_points | Logical grouping of enforcement points | array of EnforcementPoint | |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and the intent object is deleted only when all the realized entities for it have been deleted. Objects that are marked for deletion are not returned in GET calls. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases it can be different because entities migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. The realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in the multi-site scenario. Currently it is supported only for LM objects. When an LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on the local site-name and uses the /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value DeploymentZone | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
DeploymentZoneListRequestParameters (schema) (Deprecated)
DeploymentZone list request parameters
DeploymentZone list request parameters.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use SiteListRequestParameters.
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
include_mark_for_delete_objects | Include objects that are marked for deletion in results. If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result. Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
DeploymentZoneListResult (schema) (Deprecated)
Paged Collection of Deployment Zones
Paged Collection of Deployment Zones.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use SiteListResult.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Deployment Zones | array of DeploymentZone | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DhcpDeleteLeaseRequestParameters (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
ip | | IPAddress | Required |
mac | | MACAddress | Required |
DhcpFilter (schema) (Deprecated)
DHCP filtering configuration
Name | Description | Type | Notes |
---|---|---|---|
client_block_enabled | Indicates whether DHCP client blocking is enabled | boolean | Required |
server_block_enabled | Indicates whether DHCP server blocking is enabled | boolean | Required |
v6_client_block_enabled | Indicates whether DHCP v6 client blocking is enabled | boolean | Default: "False" |
v6_server_block_enabled | Indicates whether DHCP v6 server blocking is enabled | boolean | Default: "False" |
DhcpIpPool (schema) (Deprecated)
DHCP ip-pool
DHCP ip-pool to define dynamic ip allocation ranges.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
allocation_ranges | Ip-ranges Ip-ranges to define dynamic ip allocation ranges. |
array of IpPoolRange | Required |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
error_threshold | Error threshold, valid [80-100], default 100 Error threshold. Alert will be raised if the pool usage reaches the given threshold. |
integer | Minimum: 80 Maximum: 100 Default: "100" |
gateway_ip | Gateway ip Gateway ip address of the allocation. |
IPAddress | |
id | Unique identifier of this resource | string | Sortable |
lease_time | Lease time Lease time, in seconds, [60-(2^32-1)]. Default is 86400. | integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
options | DHCP options If an option is defined at server level and not configured at ip-pool/static-binding level, the option will be inherited by the ip-pool/static-binding. If both define an option with the same code, the option defined at ip-pool/static-binding level takes precedence over the one defined at server level. | DhcpOptions | |
resource_type | Must be set to the value DhcpIpPool | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
warning_threshold | Warning threshold, valid [50-80], default 80 Warning threshold. Alert will be raised if the pool usage reaches the given threshold. | integer | Minimum: 50 Maximum: 80 Default: "80" |
DhcpIpPoolListResult (schema) (Deprecated)
A list of DHCP ip pools
A paginated list of DHCP ip pools.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of DHCP ip pools A paginated list of DHCP ip pools. | array of DhcpIpPool | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DhcpIpPoolUsage (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
allocated_number | allocated number. COULD BE INACCURATE, REFERENCE ONLY. | integer | Required |
allocated_percentage | allocated percentage. COULD BE INACCURATE, REFERENCE ONLY. | integer | Required |
dhcp_ip_pool_id | uuid of dhcp ip pool | string | Required |
pool_size | pool size | integer | Required |
DhcpLeaseRequestParameters (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
address | can be an ip address, or an ip range, or a mac address | string | |
pool_id | The uuid of dhcp ip pool | string | |
source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType | |
DhcpOption121 (schema) (Deprecated)
DHCP option 121
DHCP option 121 to define classless static route.
Name | Description | Type | Notes |
---|---|---|---|
static_routes | DHCP classless static routes Classless static route of DHCP option 121. | array of ClasslessStaticRoute | Required Minimum items: 1 Maximum items: 27 |
DhcpOptions (schema) (Deprecated)
DHCP options
Define DHCP options of the DHCP service.
Name | Description | Type | Notes |
---|---|---|---|
option121 | Option 121 DHCP option 121 to define classless static routes. Once option 121 is defined, option 249 is auto-generated because the two are equivalent. | DhcpOption121 | |
others | Generic DHCP options other than option 121 To define DHCP options other than option 121 in generic format. Please note, only the following options can be defined in generic format. Those other options will be accepted without validation but will not take effect. Supported options (code: name): 2: Time Offset; 6: Domain Name Server; 13: Boot File Size; 19: Forward On/Off; 26: MTU Interface; 28: Broadcast Address; 35: ARP Timeout; 40: NIS Domain; 41: NIS Servers; 42: NTP Servers; 44: NETBIOS Name Srv; 45: NETBIOS Dist Srv; 46: NETBIOS Node Type; 47: NETBIOS Scope; 58: Renewal Time; 59: Rebinding Time; 64: NIS+-Domain-Name; 65: NIS+-Server-Addr; 66: TFTP Server-Name (used by PXE); 67: Bootfile-Name (used by PXE); 117: Name Service Search; 119: Domain Search; 150: TFTP server address (used by PXE); 209: PXE Configuration File; 210: PXE Path Prefix; 211: PXE Reboot Time | array of GenericDhcpOption | Minimum items: 0 Maximum items: 255 |
DhcpProfile (schema) (Deprecated)
DHCP profile to specify edge cluster and members
DHCP profile to specify edge cluster and members on which the dhcp server
will run. A DhcpProfile can be referenced by different logical DHCP servers.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
edge_cluster_id | Edge cluster uuid Edge cluster uuid on which the referencing logical DHCP server runs. | string | Required |
edge_cluster_member_indexes | Edge node indexes The Edge nodes on which the DHCP servers run. If none is provided, the NSX will auto-select two edge-nodes from the given edge cluster. If only one edge node is provided, the DHCP servers will run without HA support. | array of integer | Minimum items: 0 Maximum items: 2 |
enable_standby_relocation | Flag to enable standby DHCP server relocation Flag to enable the auto-relocation of standby DHCP Service in case of edge node failure. Only tier 1 and auto placed DHCP servers are considered for the relocation. | boolean | Default: "False" |
id | Unique identifier of this resource | string | Sortable |
resource_type | Must be set to the value DhcpProfile | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DhcpProfileListResult (schema) (Deprecated)
A list of DHCP profiles
A paginated list of DHCP profiles.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of DHCP profiles A paginated list of logical DHCP profiles. | array of DhcpProfile | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DhcpRelayProfile (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
resource_type | Must be set to the value DhcpRelayProfile | string | |
server_addresses | | array of IPAddress | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DhcpRelayProfileListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Dhcp relay profile list results | array of DhcpRelayProfile | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DhcpRelayService (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
dhcp_relay_profile_id | dhcp relay profile referenced by the dhcp relay service | string | Required |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
resource_type | Must be set to the value DhcpRelayService | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DhcpRelayServiceListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Dhcp relay service list results | array of DhcpRelayService | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DhcpServerStatus (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
active_node | uuid of active transport node | string | Required |
error_message | Error message, if available | string | |
service_status | UP means the dhcp service is working fine on both the active transport-node and the stand-by transport-node (if any), hence fail-over can work at this time if a failure happens on one of the transport-nodes; DOWN means the dhcp service is down on both the active transport-node and the stand-by node (if any), hence the dhcp-service will not respond to any dhcp request; ERROR means an error happened on the transport-node(s) or no status is reported from the transport-node(s). The dhcp service may be working (or not working); NO_STANDBY means the dhcp service is working on one of the transport nodes but not on the other transport-node (if any). Hence if the dhcp service on the working transport-node goes down, fail-over will not happen and the dhcp service will go down. | string | Required Enum: UP, DOWN, ERROR, NO_STANDBY |
stand_by_node | uuid of stand_by transport node. null if non-HA mode | string | |
DhcpStaticBinding (schema) (Deprecated)
DHCP static binding
DHCP static binding to define a static ip allocation.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
gateway_ip | Gateway ip Gateway ip address of the allocation. | IPAddress | |
host_name | Host name The host name to be assigned to the host. | string | Format: hostname |
id | Unique identifier of this resource | string | Sortable |
ip_address | Ip address The ip address to be assigned to the host. | IPAddress | Required |
lease_time | Lease time Lease time, in seconds, [60-(2^32-1)]. Default is 86400. | integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
mac_address | MAC address The MAC address of the host. | MACAddress | Required |
options | DHCP options If an option is defined at server level and not configured at ip-pool/static-binding level, the option will be inherited by the ip-pool/static-binding. If both define an option with the same code, the option defined at ip-pool/static-binding level takes precedence over the one defined at server level. | DhcpOptions | |
resource_type | Must be set to the value DhcpStaticBinding | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DhcpStaticBindingListResult (schema) (Deprecated)
A list of DHCP static bindings
A paginated list of DHCP static bindings.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of DHCP static bindings A paginated list of DHCP static bindings. | array of DhcpStaticBinding | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DhcpStatistics (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
acks | The total number of DHCP ACK packets | integer | Required |
declines | The total number of DHCP DECLINE packets | integer | Required |
dhcp_server_id | dhcp server uuid | string | Required |
discovers | The total number of DHCP DISCOVER packets | integer | Required |
errors | The total number of DHCP errors | integer | Required |
informs | The total number of DHCP INFORM packets | integer | Required |
ip_pool_stats | The DHCP ip pool usage statistics | array of DhcpIpPoolUsage | |
nacks | The total number of DHCP NACK packets | integer | Required |
offers | The total number of DHCP OFFER packets | integer | Required |
releases | The total number of DHCP RELEASE packets | integer | Required |
requests | The total number of DHCP REQUEST packets | integer | Required |
timestamp | timestamp of the statistics | EpochMsTimestamp | Required |
DhcpV6InfoBase (schema) (Deprecated)
Base type of IPv6 ip-allocation
Base type of IPv6 ip-allocation extended by ip-pool and static-binding.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
dns_nameservers | DNS ips Primary and secondary DNS server addresses to assign to the host. They can be overridden by ip-pool or static-binding level property. | array of IPv6Address | Minimum items: 0 Maximum items: 2 |
domain_names | Domain name Host name or prefix to be assigned to host. It can be overridden by ip-pool or static-binding level property. | array of string | |
id | Unique identifier of this resource | string | Sortable |
lease_time | Lease time Lease time, in seconds. | integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
preferred_time | Preferred time Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used. | integer | Minimum: 48 Maximum: 4294967295 |
resource_type | Must be set to the value DhcpV6InfoBase | string | |
sntp_servers | SNTP server ips SNTP server ips. | array of IPv6Address | Minimum items: 0 Maximum items: 2 |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DhcpV6IpPool (schema) (Deprecated)
DHCP IPv6 ip pool
DHCP IPv6 ip pool to define dynamic ip allocation ranges.
The DhcpV6IpPool would only provide stateless DHCP (domain search list,
DNS servers, SNTP servers) to client if both the ranges and excluded_ranges
are not specified.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
dns_nameservers | DNS ips Primary and secondary DNS server addresses to assign to the host. They can be overridden by ip-pool or static-binding level property. | array of IPv6Address | Minimum items: 0 Maximum items: 2 |
domain_names | Domain name Host name or prefix to be assigned to host. It can be overridden by ip-pool or static-binding level property. | array of string | |
excluded_ranges | Excluded range of IPv6 addresses Excluded addresses to define dynamic ip allocation ranges. | array of IpPoolRange | Minimum items: 0 Maximum items: 128 |
id | Unique identifier of this resource | string | Sortable |
lease_time | Lease time Lease time, in seconds. | integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
preferred_time | Preferred time Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used. | integer | Minimum: 48 Maximum: 4294967295 |
ranges | Ip address ranges Ip address ranges to define dynamic ip allocation ranges. | array of IpPoolRange | Minimum items: 0 Maximum items: 128 |
resource_type | Must be set to the value DhcpV6IpPool | string | |
sntp_servers | SNTP server ips SNTP server ips. | array of IPv6Address | Minimum items: 0 Maximum items: 2 |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DhcpV6IpPoolListResult (schema) (Deprecated)
A list of DHCP IPv6 ip pools
A paginated list of DHCP IPv6 ip pools.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of DHCP IPv6 ip pools A paginated list of DHCP IPv6 ip pools. | array of DhcpV6IpPool | |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DhcpV6StaticBinding (schema) (Deprecated)
DHCP IPv6 static binding
DHCP IPv6 static binding to define a static ip allocation.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
dns_nameservers | DNS ips Primary and secondary DNS server addresses to assign to the host. They can be overridden by ip-pool or static-binding level property. | array of IPv6Address | Minimum items: 0 Maximum items: 2 |
domain_names | Domain name Host name or prefix to be assigned to host. It can be overridden by ip-pool or static-binding level property. | array of string | |
id | Unique identifier of this resource | string | Sortable |
ip_addresses | Ip address list When not specified, no ip address will be assigned to client host. | array of IPv6Address | Minimum items: 0 Maximum items: 1 |
lease_time | Lease time Lease time, in seconds. | integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
mac_address | MAC address The MAC address of the host. Either client-duid or mac-address, but not both. | MACAddress | |
preferred_time | Preferred time Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used. | integer | Minimum: 48 Maximum: 4294967295 |
resource_type | Must be set to the value DhcpV6StaticBinding | string | |
sntp_servers | SNTP server ips SNTP server ips. | array of IPv6Address | Minimum items: 0 Maximum items: 2 |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DhcpV6StaticBindingListResult (schema) (Deprecated)
A list of DHCP IPv6 static bindings
A paginated list of DHCP IPv6 static bindings.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of DHCP IPv6 static bindings A paginated list of DHCP IPv6 static bindings. | array of DhcpV6StaticBinding | |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DirectionType (schema) (Deprecated)
port mirroring direction
Name | Description | Type | Notes |
---|---|---|---|
DirectionType | port mirroring direction | string | Deprecated Enum: INGRESS, EGRESS, BIDIRECTIONAL Default: "BIDIRECTIONAL" |
DnsAnswer (schema) (Deprecated)
Answer of dns nslookup
The response for DNS nslookup.
Name | Description | Type | Notes |
---|---|---|---|
answers | The answers of the query. | array of DnsQueryAnswer | Minimum items: 1 Maximum items: 256 |
authoritative_answers | Authoritative answers Authoritative answers of the query. This is a deprecated property, please use 'answers' instead. | array of DnsQueryAnswer | Deprecated Minimum items: 1 Maximum items: 256 |
dns_server | DNS server information DNS server IP address and port, format is "ip address#port". | string | Required |
edge_node_id | Edge node id ID of the edge node that performed the query. | string | Required |
non_authoritative_answers | Non authoritative answers Non-authoritative answers of the query. This is a deprecated property, please use 'answers' instead. | array of DnsQueryAnswer | Deprecated Minimum items: 1 Maximum items: 256 |
raw_answer | Raw message returned from the DNS forwarder It can be NXDOMAIN or an error message that does not consist of authoritative_answer or non_authoritative_answer. | string | |
source_ip | The source ip used in this lookup The source ip used in this lookup. | IPv4Address | Required |
DnsFailedQueryRequestParameters (schema) (Deprecated)
The request parameters to get failed DNS queries
To specify how many failed DNS queries will be returned.
Name | Description | Type | Notes |
---|---|---|---|
count | The count of the failed DNS queries How many failed DNS queries should be returned. | integer | Minimum: 1 Maximum: 1000 Default: "100" |
DnsForwarder (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
cache_size | Cache size in KB One DNS answer cache entry will consume ~120 bytes. Hence 1 KB cache size can cache ~8 DNS answer entries, and the default 1024 KB cache size can hold ~8k DNS answer entries. | int | Minimum: 1 Maximum: 16777216 Default: "1024" |
conditional_forwarders | Conditional zone forwarders The conditional zone forwarders. When matching a zone forwarder, the DNS forwarder will use the conditional forwarder with the longest domain name that matches the query. | array of ConditionalForwarderZone | Maximum items: 5 |
default_forwarder | Default zone forwarder The default zone forwarder that catches all other domain names except those matched by conditional forwarder zone. | ForwarderZone | Required |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
enabled | Flag to enable/disable the forwarder | boolean | Default: "True" |
id | Unique identifier of this resource | string | Sortable |
listener_ip | Listener ip address The ip address the DNS forwarder listens on. It can be an ip address already owned by the logical-router uplink port or router-link, or a loopback port ip address. But it cannot be a downlink port address. The user needs to ensure the address is reachable via router or NAT from both client VMs and upstream servers. The user will need to create Firewall rules if needed to allow such traffic on a Tier-1 or Tier-0. | IPv4Address | Required |
log_level | Log level of the DNS forwarder | string | Enum: DEBUG, INFO, WARNING, ERROR, FATAL Default: "INFO" |
logical_router_id | Logical router id Specify the LogicalRouter where the DnsForwarder runs. The HA mode of the hosting LogicalRouter must be Active/Standby. | string | Required |
resource_type | Must be set to the value DnsForwarder | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
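The constraints in the DnsForwarder and ForwarderZone tables can be checked before a body is sent to the manager. The following is an added example, not code from the NSX documentation; it assumes each conditional_forwarders item carries the same upstream_servers and source_ip fields as ForwarderZone, and the sample addresses are constructed.

```python
import ipaddress

# Limits taken from the DnsForwarder and ForwarderZone tables on this page.
CACHE_KB_MIN, CACHE_KB_MAX = 1, 16777216
MAX_CONDITIONAL_FORWARDERS = 5
UPSTREAM_MIN, UPSTREAM_MAX = 1, 3
LOG_LEVELS = ("DEBUG", "INFO", "WARNING", "ERROR", "FATAL")
BYTES_PER_CACHE_ENTRY = 120  # "~120 bytes" per cached DNS answer


def is_ipv4(value):
    """True only for a dotted-quad string; ints and bytes are rejected."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.IPv4Address(value)
        return True
    except ipaddress.AddressValueError:
        return False


def check_zone(zone, where, errors):
    """Check one ForwarderZone-shaped object, appending problems to errors."""
    if not isinstance(zone, dict):
        errors.append(f"{where}: must be an object")
        return
    servers = zone.get("upstream_servers")
    if not isinstance(servers, list) or not (UPSTREAM_MIN <= len(servers) <= UPSTREAM_MAX):
        errors.append(f"{where}.upstream_servers: need {UPSTREAM_MIN} to {UPSTREAM_MAX} addresses")
    else:
        errors.extend(f"{where}.upstream_servers: {s!r} is not an IPv4 address"
                      for s in servers if not is_ipv4(s))
    source_ip = zone.get("source_ip")  # optional; listener_ip is used when absent
    if source_ip is not None and not is_ipv4(source_ip):
        errors.append(f"{where}.source_ip: {source_ip!r} is not an IPv4 address")


def validate_dns_forwarder(body):
    """Return a list of 'field: problem' strings; an empty list means no violation."""
    errors = []
    if not is_ipv4(body.get("listener_ip")):
        errors.append("listener_ip: required IPv4 address")
    router = body.get("logical_router_id")
    if not isinstance(router, str) or not router:
        errors.append("logical_router_id: required string")
    if "default_forwarder" not in body:
        errors.append("default_forwarder: required")
    else:
        check_zone(body["default_forwarder"], "default_forwarder", errors)
    zones = body.get("conditional_forwarders", [])
    if not isinstance(zones, list) or len(zones) > MAX_CONDITIONAL_FORWARDERS:
        errors.append(f"conditional_forwarders: at most {MAX_CONDITIONAL_FORWARDERS} items")
    else:
        # Assumption: each item has the ForwarderZone fields checked here.
        for i, zone in enumerate(zones):
            check_zone(zone, f"conditional_forwarders[{i}]", errors)
    cache = body.get("cache_size", 1024)
    if isinstance(cache, bool) or not isinstance(cache, int) \
            or not (CACHE_KB_MIN <= cache <= CACHE_KB_MAX):
        errors.append(f"cache_size: integer KB between {CACHE_KB_MIN} and {CACHE_KB_MAX}")
    if body.get("log_level", "INFO") not in LOG_LEVELS:
        errors.append("log_level: must be one of " + ", ".join(LOG_LEVELS))
    if body.get("resource_type", "DnsForwarder") != "DnsForwarder":
        errors.append("resource_type: must be DnsForwarder")
    return errors


def estimated_cache_entries(cache_size_kb):
    """Approximate number of answers a cache of this size holds."""
    return cache_size_kb * 1024 // BYTES_PER_CACHE_ENTRY


# Constructed sample body; addresses come from the documentation ranges.
SAMPLE_BODY = {
    "resource_type": "DnsForwarder",
    "logical_router_id": "example-router-id",
    "listener_ip": "192.0.2.10",
    "cache_size": 1024,
    "log_level": "INFO",
    "default_forwarder": {"upstream_servers": ["198.51.100.53", "198.51.100.54"]},
    "conditional_forwarders": [
        {"upstream_servers": ["203.0.113.53"], "source_ip": "192.0.2.11"},
    ],
}

if __name__ == "__main__":
    print(validate_dns_forwarder(SAMPLE_BODY))
    print(estimated_cache_entries(SAMPLE_BODY["cache_size"]))
```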
DnsForwarderListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of DNS forwarders | array of DnsForwarder | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
DnsForwarderStatistics (schema) (Deprecated)
Statistics counters of the DNS forwarder
The current statistics counters of the DNS forwarder including cache usages
and query numbers per forwarders.
Name | Description | Type | Notes |
---|---|---|---|
conditional_forwarder_statistics | The statistics of conditional forwarders | array of PerForwarderStatistics | Readonly Minimum items: 0 Maximum items: 5 |
configured_cache_size | The configured cache size, in kb | integer | Readonly |
default_forwarder_statistics | The statistics of default forwarder | PerForwarderStatistics | Readonly |
error_message | Error message, if available | string | Readonly |
queries_answered_locally | The total number of queries answered from local cache | integer | Readonly |
queries_forwarded | The total number of forwarded dns queries | integer | Readonly |
timestamp | Time stamp of the current statistics, in ms | EpochMsTimestamp | Readonly |
total_queries | The total number of received dns queries | integer | Readonly |
used_cache_statistics | The statistics of used cache | array of PerNodeUsedCacheStatistics | Readonly Minimum items: 0 Maximum items: 2 |
DnsForwarderStatus (schema) (Deprecated)
The current runtime status of DNS forwarder
The current runtime status of the DNS forwarder including the hosting
transport nodes and forwarder service status.
Name | Description | Type | Notes |
---|---|---|---|
active_node | Uuid of active transport node | string | Readonly |
extra_message | Extra message, if available | string | Readonly |
standby_node | Uuid of stand_by transport node. null if non-HA mode | string | Readonly |
status | UP means the DNS forwarder is working correctly on the active transport node and the stand-by transport node (if present). Failover will occur if either node goes down. DOWN means the DNS forwarder is down on both active transport node and standby node (if present). The DNS forwarder does not function in this situation. ERROR means there is some error on one or both transport nodes, or no status was reported from one or both transport nodes. The DNS forwarder may be working (or not working). NO_BACKUP means the DNS forwarder is working in only one transport node, either because it is down on the standby node, or no standby is configured. A forwarder outage will occur if the active node goes down. | string | Readonly Enum: UP, DOWN, ERROR, NO_BACKUP |
timestamp | Time stamp of the current status, in ms | EpochMsTimestamp | Readonly |
DnsQueryAnswer (schema) (Deprecated)
Answer of nslookup
Name | Description | Type | Notes |
---|---|---|---|
address | Matched ip address Can be resolved ip address. | string | |
name | Matched name Matched name of the given address. | string | |
raw_string | Unparsed answer string Unparsed answer string from raw_answer. | string | |
Dscp (schema) (Deprecated)
One of Quality-of-Service or Encapsulated-Remote-Switched-Port-Analyzer
Dscp value is ignored in case of 'TRUSTED' DscpMode.
Name | Description | Type | Notes |
---|---|---|---|
mode | | DscpMode | |
priority | Internal Forwarding Priority | int | Minimum: 0 Maximum: 63 Default: "0" |
DscpMode (schema) (Deprecated)
Trust settings
Name | Description | Type | Notes |
---|---|---|---|
DscpMode | Trust settings | string | Deprecated Enum: TRUSTED, UNTRUSTED Default: "TRUSTED" |
DuplicateAddressBindingEntry (schema) (Deprecated)
Duplicate address binding information
Name | Description | Type | Notes |
---|---|---|---|
binding | Combination of IP-MAC-VLAN binding | PacketAddressClassifier | |
binding_timestamp | Timestamp of binding Timestamp at which the binding was discovered via snooping or manually specified by the user | EpochMsTimestamp | |
conflicting_port | ID of logical port with the same address binding Provides the ID of the port on which the same address binding exists | string | |
source | Address binding source Source from which the address binding entry was obtained | AddressBindingSource | Default: "UNKNOWN" |
DuplicateIPDetection (schema) (Deprecated)
Duplicate IP detection and control
Name | Description | Type | Notes |
---|---|---|---|
duplicate_ip_detection_enabled | Indicates whether duplicate IP detection should be enabled | boolean | Default: "False" |
EdgeHighAvailabilityProfile (schema) (Deprecated)
Profile for BFD HA cluster setting
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
bfd_allowed_hops | BFD allowed hops | integer | Minimum: 1 Maximum: 255 Default: "255" |
bfd_declare_dead_multiple | Number of times a packet is missed before BFD declares the neighbor down. | integer | Minimum: 2 Maximum: 16 Default: "3" |
bfd_probe_interval | the time interval (in millisec) between probe packets for heartbeat purpose | integer | Minimum: 50 Maximum: 60000 Default: "500" |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
resource_type | Must be set to the value EdgeHighAvailabilityProfile | ClusterProfileType | Required |
standby_relocation_config | Standby service contexts relocation setting | StandbyRelocationConfig | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
EgressRateShaper (schema) (Deprecated)
A shaper that specifies egress rate properties in Mb/s
Name | Description | Type | Notes |
---|---|---|---|
average_bandwidth_mbps | Average bandwidth in Mb/s | int | Minimum: 0 Default: "0" |
burst_size_bytes | Burst size in bytes | int | Minimum: 0 Default: "0" |
enabled | | boolean | Required |
peak_bandwidth_mbps | Peak bandwidth in Mb/s | int | Minimum: 0 Default: "0" |
resource_type | Must be set to the value EgressRateShaper | string | Required Enum: IngressRateShaper, IngressBroadcastRateShaper, EgressRateShaper Default: "IngressRateShaper" |
ExtraConfig (schema) (Deprecated)
Vendor specific configuration on logical switch or logical port
Extra config is intended for supporting vendor specific configuration on the
data path, it can be set as key value string pairs on either logical switch
or logical port.
If it was set on logical switch, it will be inherited automatically by logical
ports in it. Also logical port setting will override logical switch setting
if specific key was dual set on both logical switch and logical port.
Name | Description | Type | Notes |
---|---|---|---|
config_pair | Key value pair in string for the configuration | UnboundedKeyValuePair | Required |
ExtraConfigHostSwitchProfile (schema) (Deprecated)
Profile for extra configs in host switch
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
extra_configs | list of extra configs | array of ExtraConfig | |
id | Unique identifier of this resource | string | Sortable |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value ExtraConfigHostSwitchProfile | HostSwitchProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ForwarderZone (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
source_ip | Source ip of the forwarder The source ip used by the forwarder of the zone. If no source ip is specified, the ip address of the listener of the DNS forwarder will be used. | IPv4Address | |
upstream_servers | Ips of upstream DNS servers Ip address of the upstream DNS servers the DNS forwarder accesses. | array of IPv4Address | Required Minimum items: 1 Maximum items: 3 |
ForwardingPolicy (schema) (Deprecated)
Forwarding Policy
Contains ordered list of forwarding rules that determine when to
forward traffic to / from the underlay for accessing cloud native services.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet", "Emergency", "Infrastructure", "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gateway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. | string | |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildForwardingRule | |
comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. | string | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. | int | Readonly |
is_default | Default policy flag A flag to indicate whether policy is a default policy. | boolean | Readonly |
lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the security policy. | string | Readonly |
lock_modified_time | SecurityPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. | EpochMsTimestamp | Readonly |
locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. | boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value ForwardingPolicy | string | |
rule_count | Rule count The count of rules in the policy. | int | Readonly |
rules | Rules that are a part of this ForwardingPolicy | array of ForwardingRule | |
scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. | string | |
scope | The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. | array of string | Maximum items: 128 |
sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise. The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. | int | Minimum: 0 |
stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connections is tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. | boolean | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. | boolean | |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
ForwardingPolicyListResult (schema) (Deprecated)
Paged Collection of ForwardingPolicy objects
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | ForwardingPolicy list results | array of ForwardingPolicy | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
ForwardingPolicyStatisticsForEnforcementPoint (schema) (Deprecated)
Forwarding Policy statistics for an enforcement point
Forwarding policy statistics for a specific enforcement point.
Name | Description | Type | Notes |
---|---|---|---|
enforcement_point | Enforcement point path Path for a specific enforcement point | string | Readonly |
statistics | Forwarding Policy Statistics Statistics for the specified enforcement point | ForwardingPolicyStats | Readonly |
ForwardingPolicyStatisticsListResult (schema) (Deprecated)
Paged Collection of Forwarding Policy statistics
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Forwarding Policy statistics list results | array of ForwardingPolicyStatisticsForEnforcementPoint | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
ForwardingPolicyStats (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Forwarding rules stats List of rule statistics. | array of ForwardingRuleStats | Readonly |
section_id | Forwarding Policy ID Forwarding policy identifier. | string | Required Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
ForwardingRule (schema) (Deprecated)
Forwarding rule
Forwarding rule that determines how to forward traffic from a VM.
Traffic from a VM can be routed via either Overlay or Underlay when the VM is on a hybrid port.
Additionally, NAT can be performed for a VM or container on overlay to route traffic to/from underlay.
ROUTE_TO_UNDERLAY - Access a service on underlay space from a VM connected to hybrid port, e.g. access to AWS S3 on AWS underlay
ROUTE_TO_OVERLAY - Access a service on overlay space from a VM connected to hybrid port.
ROUTE_FROM_UNDERLAY - Access a service hosted on a VM (that is connected to hybrid port) from underlay space, e.g. access from AWS ELB to VM
ROUTE_FROM_OVERLAY - Access a service hosted on a VM (that is connected to hybrid port) from overlay space
NAT_FROM_UNDERLAY - Access a service on overlay VM/container from underlay space using DNAT from underlay IP to overlay IP
NAT_TO_UNDERLAY - Access an underlay service from a VM/container on overlay space using SNAT from overlay IP to underlay IP
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
action | Action The action to be applied to all the services |
string | Enum: ROUTE_TO_UNDERLAY, ROUTE_TO_OVERLAY, ROUTE_FROM_UNDERLAY, ROUTE_FROM_OVERLAY, NAT_FROM_UNDERLAY, NAT_TO_UNDERLAY |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP addresses of type IPv4 and IPv6. An IP address can be in one of the following formats: CIDR, IP address, range of IP addresses. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. An error will be thrown if ANY is used in conjunction with other values. | array of string | Maximum items: 128 |
destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
disabled | Flag to deactivate the rule Flag to deactivate the rule. Default is activated. |
boolean | Default: "False" |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
logged | Enable logging flag Flag to enable packet logging. Default is deactivated. |
boolean | Default: "False" |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
notes | Text for additional notes on changes User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters. |
string | Maximum length: 2048 |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
parent_path | Path of its parent Path of its parent |
string | Readonly |
path | Absolute path of this object Absolute path of this object |
string | Readonly |
profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value ForwardingRule | string | |
rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For example, 1000 to (1M - 1) by LM, 1M to (2M - 1) by GM, and so on. | integer | Readonly |
scope | The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. | array of string | Maximum items: 128 |
sequence_number | Sequence number of this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number. | int | Minimum: 0 |
service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP addresses of type IPv4 and IPv6. An IP address can be in one of the following formats: CIDR, IP address, range of IP addresses. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. An error will be thrown if ANY is used in conjunction with other values. | array of string | Maximum items: 128 |
sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
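The constraints in the ForwardingRule table above can be checked before a payload is sent. The following is an added example, not VMware code: the function names, rule ids, group path and tags are constructed for illustration, and only the limits and enum values come from the table.

```python
from collections import defaultdict

# Enum values and limits copied from the ForwardingRule table.
ENUMS = {
    "action": {"ROUTE_TO_UNDERLAY", "ROUTE_TO_OVERLAY", "ROUTE_FROM_UNDERLAY",
               "ROUTE_FROM_OVERLAY", "NAT_FROM_UNDERLAY", "NAT_TO_UNDERLAY"},
    "direction": {"IN", "OUT", "IN_OUT"},
    "ip_protocol": {"IPV4", "IPV6", "IPV4_IPV6"},
}
MAX_ITEMS = {"source_groups": 128, "destination_groups": 128, "services": 128,
             "service_entries": 128, "scope": 128, "profiles": 128, "tags": 30}
MAX_LEN = {"description": 1024, "display_name": 255, "notes": 2048}
ANY_FIELDS = ("source_groups", "destination_groups", "services")
# Characters that survive in CLI output and packet logs.
LOG_TRUNCATION = {"tag": 32, "notes": 39}


def _sequence(rule):
    """A missing sequence_number is assigned 0 by default."""
    seq = rule.get("sequence_number")
    return 0 if seq is None else seq


def lint_rule(rule):
    """Return findings for a single ForwardingRule payload (a dict)."""
    findings = []
    for field, allowed in ENUMS.items():
        value = rule.get(field)
        if value is not None and value not in allowed:
            findings.append(f"{field}: {value!r} is not one of {sorted(allowed)}")
    for field, limit in MAX_ITEMS.items():
        if len(rule.get(field) or []) > limit:
            findings.append(f"{field}: more than {limit} items")
    for field, limit in MAX_LEN.items():
        if len(rule.get(field) or "") > limit:
            findings.append(f"{field}: longer than {limit} characters")
    for field in ANY_FIELDS:
        values = rule.get(field) or []
        has_any = any(isinstance(v, str) and v.upper() == "ANY" for v in values)
        if has_any and len(values) > 1:
            findings.append(f"{field}: ANY must be the only element")
    seq = _sequence(rule)
    if not isinstance(seq, int) or seq < 0:
        findings.append(f"sequence_number: {seq!r} is not an integer >= 0")
    return findings


def lint_policy(rules):
    """Lint every rule, then check properties that span several rules."""
    findings = []
    by_seq = defaultdict(list)
    by_logged_text = defaultdict(list)
    for rule in rules:
        rid = rule.get("id", "<no id>")
        findings += [f"{rid}: {msg}" for msg in lint_rule(rule)]
        seq = _sequence(rule)
        if isinstance(seq, int):
            by_seq[seq].append(rid)
        for field, keep in LOG_TRUNCATION.items():
            text = rule.get(field)
            if text:
                by_logged_text[(field, text[:keep])].append((rid, text))
    # Equal sequence numbers leave the evaluation order undefined.
    for seq, ids in by_seq.items():
        if len(ids) > 1:
            findings.append(
                f"sequence_number {seq} shared by {ids}: order is not deterministic")
    # Different tags/notes that look the same once truncated cannot be
    # told apart when correlating packet logs with rules.
    for (field, _prefix), entries in by_logged_text.items():
        if len({text for _, text in entries}) > 1:
            ids = [rid for rid, _ in entries]
            findings.append(f"{field} of {ids} is identical after truncation "
                            f"to {LOG_TRUNCATION[field]} characters")
    return findings


# Constructed sample payloads (not taken from any real deployment).
SAMPLE_RULES = [
    {"id": "to-s3", "action": "ROUTE_TO_UNDERLAY", "sequence_number": 10,
     "source_groups": ["/infra/domains/default/groups/web"],
     "destination_groups": ["ANY"], "services": ["ANY"],
     "tag": "ticket-4821-web-tier-egress-to-underlay-a"},
    {"id": "to-s3-b", "action": "ROUTE_TO_UNDERLAY", "sequence_number": 10,
     "source_groups": ["any", "10.0.0.0/24"],
     "tag": "ticket-4821-web-tier-egress-to-underlay-b"},
    {"id": "snat", "action": "SNAT_TO_UNDERLAY"},
    {"id": "dnat", "action": "NAT_FROM_UNDERLAY"},
]

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_RULES):
        print(finding)
```

The two rules without a sequence_number both receive the default of 0, so they are reported as sharing a sequence number even though neither payload sets one.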
ForwardingRuleListRequestParameters (schema) (Deprecated)
ForwardingRule list request parameters
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
ForwardingRuleListResult (schema) (Deprecated)
Paged Collection of ForwardingRules
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Rule list results | array of ForwardingRule | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
ForwardingRuleStatisticsForEnforcementPoint (schema) (Deprecated)
Forwarding Policy Rule statistics for an enforcement point
Forwarding Rule statistics for a specific enforcement point.
Name | Description | Type | Notes |
---|---|---|---|
enforcement_point | Enforcement point path Path for a specific enforcement point |
string | Readonly |
statistics | Forwarding Rule Statistics Statistics for the specified enforcement point |
ForwardingRuleStats | Readonly |
ForwardingRuleStatisticsListResult (schema) (Deprecated)
Paged Collection of Forwarding rule statistics
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | ForwardingRuleStatistics list results | array of ForwardingRuleStatisticsForEnforcementPoint | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
ForwardingRuleStats (schema) (Deprecated)
Forwarding Policy Rule Statistics
FP Rule Statistics.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
byte_count | Bytes count Aggregated number of bytes processed by the rule. |
integer | Readonly |
hit_count | Hits count Aggregated number of hits received by the rule. |
integer | Readonly |
internal_rule_id | NSX internal rule id Realized id of the rule on NSX MP. Policy Manager can create more than one rule per policy rule, in which case this identifier helps to distinguish between the multiple rules created. | string | Readonly |
l7_accept_count | L7 Accept count Aggregated number of L7 Profile Accepted counters received by the rule. |
integer | Readonly |
l7_reject_count | L7 Reject count Aggregated number of L7 Profile Rejected counters received by the rule. |
integer | Readonly |
l7_reject_with_response_count | L7 Reject with response count Aggregated number of L7 Profile Rejected with Response counters received by the rule. |
integer | Readonly |
lr_path | Logical Router (Tier-0/Tier1) path Path of the LR on which the section is applied in case of Edge FW. |
string | Readonly |
max_popularity_index | The maximum popularity index Maximum value of popularity index of all rules of the type. This is an aggregated statistic which is computed with lower frequency compared to individual generic rule statistics. It may have a computation delay of up to 15 minutes in response to this API. | integer | Readonly |
max_session_count | Maximum Sessions count Maximum value of sessions count of all rules of the type. This is an aggregated statistic which is computed with lower frequency compared to generic rule statistics. It may have a computation delay of up to 15 minutes in response to this API. | integer | Readonly |
packet_count | Packets count Aggregated number of packets processed by the rule. |
integer | Readonly |
popularity_index | The index of the popularity of rule This is calculated by sessions count divided by age of the rule. |
integer | Readonly |
rule | Rule path Path of the rule. |
string | Readonly |
session_count | sessions count Aggregated number of sessions processed by the rule. |
integer | Readonly |
total_session_count | Total Sessions count Aggregated number of sessions processed by all the rules. This is an aggregated statistic which is computed with lower frequency compared to individual generic rule statistics. It may have a computation delay of up to 15 minutes in response to this API. | integer | Readonly |
GenericDhcpOption (schema) (Deprecated)
Generic DHCP option
Define DHCP options other than option 121.
Name | Description | Type | Notes |
---|---|---|---|
code | DHCP option code, [0-255] Code of the dhcp option. |
integer | Required Minimum: 0 Maximum: 255 |
values | DHCP option value Value of the option. |
array of string | Required Minimum items: 1 Maximum items: 10 |
GroupDeleteRequestParameters (schema) (Deprecated)
Group delete request parameters
Name | Description | Type | Notes |
---|---|---|---|
fail_if_subtree_exists | Do not delete if the group subtree has any entities Check if the group sub-tree has any entities. These primarily include the binding maps that point to various profiles. If this flag is passed as true, the group delete fails if any binding maps exist in the group sub-tree. By default, this flag is false, which means that the group is deleted along with the group sub-tree. |
boolean | Default: "False" |
force | Force delete the resource even if it is being used somewhere If true, deleting the resource succeeds even if it is being referred as a resource reference. | boolean | Default: "False" |
HostInfraTrafficType (schema) (Deprecated)
Enumerate all types of traffic
The traffic_name specifies the infrastructure traffic type and it
must be one of the following system-defined types:
FAULT_TOLERANCE is traffic for failover and recovery.
HBR is traffic for Host based replication.
ISCSI is traffic for Internet Small Computer System Interface.
MANAGEMENT is traffic for host management.
NFS is traffic related to file transfer in network file system.
VDP is traffic for vSphere data protection.
VIRTUAL_MACHINE is traffic generated by virtual machines.
VMOTION is traffic for computing resource migration.
VSAN is traffic generated by virtual storage area network.
The dynamic_res_pool_name provides a name for the resource pool.
It can be any arbitrary string.
Either traffic_name or dynamic_res_pool_name must be set.
If both are specified or omitted, an error will be returned.
Name | Description | Type | Notes |
---|---|---|---|
dynamic_res_pool_name | Dynamic resource pool traffic name | string | |
traffic_name | Traffic types | string | Enum: FAULT_TOLERANCE, HBR, ISCSI, MANAGEMENT, NFS, VDP, VIRTUAL_MACHINE, VMOTION, VSAN |
HostSwitchInfo (schema) (Deprecated)
Information of host switch participating in transport zone
Name | Description | Type | Notes |
---|---|---|---|
host_switch_id | Unique ID of a host switch | string | Required Readonly |
host_switch_mode | Mode of host switch | string | Required Readonly Enum: STANDARD, ENS, ENS_INTERRUPT, LEGACY |
host_switch_name | Name of a host switch | string | Required Readonly |
host_switch_type | Type of a host switch | string | Required Readonly Enum: NVDS, VDS |
HostSwitchProfileListParameters (schema) (Deprecated)
HostSwitchProfile List Parameters
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
deployment_type | Deployment type of EdgeNode or PublicCloudGatewayNode If the node_type is specified, then deployment_type may be specified to filter uplink profiles applicable to only PHYSICAL_MACHINE or VIRTUAL_MACHINE deployments of these nodes. |
EdgeDeploymentType | |
hostswitch_profile_type | Type of host switch profile | HostSwitchProfileType | |
include_system_owned | Whether the list result contains system resources | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
node_type | Fabric node type for which uplink profiles are to be listed The fabric node type is the resource_type of the Node such as EdgeNode and PublicCloudGatewayNode. If a fabric node type is given, uplink profiles that apply for nodes of the given type will be returned. |
string | Enum: EdgeNode, PublicCloudGatewayNode |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
uplink_teaming_policy_name | The host switch profile's uplink teaming policy name If populated, only UplinkHostSwitchProfiles with the specified uplink teaming policy name are returned. Otherwise, any HostSwitchProfile can be returned. |
string |
HostSwitchProfileType (schema) (Deprecated)
Supported HostSwitch profiles.
Name | Description | Type | Notes |
---|---|---|---|
HostSwitchProfileType | Supported HostSwitch profiles. | string | Deprecated Enum: UplinkHostSwitchProfile, LldpHostSwitchProfile, NiocProfile, ExtraConfigHostSwitchProfile, VtepHAHostSwitchProfile, HighPerformanceHostSwitchProfile |
HostSwitchProfileTypeIdEntry (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
key | | HostSwitchProfileType | |
value | key value | string | Required |
HostSwitchProfilesListResult (schema) (Deprecated)
HostSwitch Profile queries result
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | HostSwitch Profile Results | array of BaseHostSwitchProfile (Abstract type: pass one of the following concrete types) ExtraConfigHostSwitchProfile LldpHostSwitchProfile NiocProfile UplinkHostSwitchProfile |
Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
HostSwitchState (schema) (Deprecated)
Host Switch State
Name | Description | Type | Notes |
---|---|---|---|
endpoints | List of virtual tunnel endpoints which are configured on this switch | array of Endpoint | Readonly |
host_switch_id | External ID of the HostSwitch | string | Readonly |
host_switch_name | HostSwitch name. This name will be used to reference this HostSwitch. The name must be unique among all host switches specified in a given Transport Node. |
string | Readonly |
host_switch_type | Type of HostSwitch VDS represents VMware vSphere Distributed Switch from vSphere that is used as HostSwitch through TransportNode or TransportNodeProfile configuration. When VDS is used as a HostSwitch, Hosts have to be added to VDS from vSphere and VDS instance is created on Hosts. To configure NSX on such hosts, you can use this VDS as a HostSwitch from NSX manager. vCenter has the ownership of MTU, LAG, NIOC and LLDP configuration of such VDS backed HostSwitch. Remaining configuration (e.g. UplinkHostswitchProfile) will be managed by NSX. NVDS represents NSX Virtual Switch which is NSX native HostSwitch. All configurations of NVDS will be managed by NSX. |
string | Enum: NVDS, VDS Default: "NVDS" |
transport_zone_ids | List of Ids of TransportZones this HostSwitch belongs to | array of string | Readonly |
HttpRequestMethodType (schema) (Deprecated)
http monitor method
Name | Description | Type | Notes |
---|---|---|---|
HttpRequestMethodType | http monitor method | string | Deprecated Enum: GET, OPTIONS, POST, HEAD, PUT |
HttpRequestVersionType (schema) (Deprecated)
http request version
Name | Description | Type | Notes |
---|---|---|---|
HttpRequestVersionType | http request version | string | Deprecated Enum: HTTP_VERSION_1_0, HTTP_VERSION_1_1 |
IPSecVPNTrafficCounters (schema) (Deprecated)
IPSec VPN traffic counters
Provides the following traffic statistics for IPSec VPN tunnels since the time the tunnels are UP:
- Incoming packet count.
- Outgoing packet count.
- Dropped packet count.
Name | Description | Type | Notes |
---|---|---|---|
bytes_in | Bytes in Total number of traffic bytes received on inbound security association. |
integer | Readonly |
bytes_out | Bytes out Total number of traffic bytes sent on outbound security association. |
integer | Readonly |
dropped_packets_in | Dropped incoming packets Total number of incoming packets dropped on inbound security association. |
integer | Readonly |
dropped_packets_out | Dropped outgoing packets Total number of outgoing packets dropped on outbound security association. |
integer | Readonly |
packets_in | Packets in Total number of packets received on inbound security association. |
integer | Readonly |
packets_out | Packets out Total number of packets sent on outbound security association. |
integer | Readonly |
IPv4DhcpServer (schema) (Deprecated)
DHCP server to support IPv4 DHCP service
DHCP server to support IPv4 DHCP service. Properties defined at DHCP server
level can be overridden by ip-pool or static-binding level properties.
Name | Description | Type | Notes |
---|---|---|---|
dhcp_server_ip | DHCP server ip in CIDR format DHCP server ip in CIDR format. |
IPv4CIDRBlock | Required |
dns_nameservers | DNS ips Primary and secondary DNS server address to assign host. They can be overridden by ip-pool or static-binding level property. |
array of IPv4Address | Minimum items: 0 Maximum items: 2 |
domain_name | Domain name Host name or prefix to be assigned to host. It can be overridden by ip-pool or static-binding level property. |
string | Format: hostname |
gateway_ip | Gateway ip Gateway ip to be assigned to host. It can be overridden by ip-pool or static-binding level property. |
IPv4Address | |
monitor_ippool_usage | Enable/disable monitoring DHCP ip-pool usage Enable or disable monitoring of DHCP ip-pools usage. When enabled, system events are generated when pool usage exceeds the configured thresholds. System events can be viewed in REST API /api/v2/hpm/alarms |
boolean | Default: "False" |
options | DHCP options Defines the default options for all ip-pools and static-bindings of this server. These options will be ignored if options are defined for ip-pools or static-bindings. |
DhcpOptions |
IPv6DhcpServer (schema) (Deprecated)
DHCP server to support IPv6 DHCP service
DHCP server to support IPv6 DHCP service. Properties defined at DHCP server
level can be overridden by ip-pool or static-binding level properties.
Name | Description | Type | Notes |
---|---|---|---|
dhcp_server_ip | DHCP server ip in CIDR format DHCP server ip in CIDR format. |
IPv6CIDRBlock | |
dns_nameservers | DNS ips Primary and secondary DNS server address to assign host. They can be overridden by ip-pool or static-binding level property. |
array of IPv6Address | Minimum items: 0 Maximum items: 2 |
domain_names | Domain name Host name or prefix to be assigned to host. It can be overridden by ip-pool or static-binding level property. |
array of string | |
server_id | DHCP server id DHCP server id. |
string | Readonly |
sntp_servers | SNTP server ips SNTP server ips. |
array of IPv6Address | Minimum items: 0 Maximum items: 2 |
IngressBroadcastRateShaper (schema) (Deprecated)
A shaper that specifies ingress rate properties in kb/s
Name | Description | Type | Notes |
---|---|---|---|
average_bandwidth_kbps | Average bandwidth in kb/s | int | Minimum: 0 Default: "0" |
burst_size_bytes | Burst size in bytes | int | Minimum: 0 Default: "0" |
enabled | | boolean | Required |
peak_bandwidth_kbps | Peak bandwidth in kb/s | int | Minimum: 0 Default: "0" |
resource_type | Must be set to the value IngressBroadcastRateShaper | string | Required Enum: IngressRateShaper, IngressBroadcastRateShaper, EgressRateShaper Default: "IngressRateShaper" |
IngressRateShaper (schema) (Deprecated)
A shaper that specifies ingress rate properties in Mb/s
Name | Description | Type | Notes |
---|---|---|---|
average_bandwidth_mbps | Average bandwidth in Mb/s | int | Minimum: 0 Default: "0" |
burst_size_bytes | Burst size in bytes | int | Minimum: 0 Default: "0" |
enabled | | boolean | Required |
peak_bandwidth_mbps | Peak bandwidth in Mb/s | int | Minimum: 0 Default: "0" |
resource_type | Must be set to the value IngressRateShaper | string | Required Enum: IngressRateShaper, IngressBroadcastRateShaper, EgressRateShaper Default: "IngressRateShaper" |
IntelligenceClusterNodeVMFormFactor (schema) (Deprecated)
Supported VM form factor for NSX-Intelligence cluster nodes
Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM. Enum value SMALL, LARGE and
EXTRA_LARGE will be deprecated.
Name | Description | Type | Notes |
---|---|---|---|
IntelligenceClusterNodeVMFormFactor | Supported VM form factor for NSX-Intelligence cluster nodes Specifies the desired "size" of the VM. Affects number of virtual CPUs and/or memory size given to the new cluster node VM. Enum value SMALL, LARGE and EXTRA_LARGE will be deprecated. |
string | Deprecated Enum: EVALUATION, STANDARD, ADVANCED, SMALL, LARGE, EXTRA_LARGE |
IpAllocationBase (schema) (Deprecated)
Base type of ip-allocation
Base type of ip-allocation extended by ip pool and static binding.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
gateway_ip | Gateway ip. Gateway ip address of the allocation. | IPAddress | |
id | Unique identifier of this resource | string | Sortable |
lease_time | Lease time. Lease time, in seconds, [60-(2^32-1)]. Default is 86400. | integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
options | DHCP options. If an option is defined at server level and not configured at ip-pool/static-binding level, the option will be inherited to ip-pool/static-binding. If both define a same-code option, the option defined at ip-pool/static-binding level takes precedence over that defined at server level. | DhcpOptions | |
resource_type | Must be set to the value IpAllocationBase | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
IpAssignmentSpec (schema) (Deprecated)
Abstract base type for specification of IPs to be used with host switch virtual tunnel endpoints
This is an abstract type. Concrete child types:
AssignedByDhcp
NoIpv4
StaticIpListSpec
StaticIpMacListSpec
StaticIpPoolSpec
Name | Description | Type | Notes |
---|---|---|---|
resource_type | | string | Required Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec, NoIpv4 |
IpDiscoverySwitchingProfile (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
arp_bindings_limit | Number of IP addresses to be snooped via ARP snooping. Indicates the number of ARP snooped IP addresses to be remembered per LogicalPort. Decreasing this value will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. This limit only applies to IPv4 addresses and is independent of the nd_bindings_limit used for IPv6 snooping. | int | Minimum: 1 Maximum: 256 Default: "1" |
arp_nd_binding_timeout | ARP and ND cache timeout (in minutes). This property controls the ARP and ND cache timeout period. It is recommended that this property be greater than the ARP/ND cache timeout on the VM. | int | Minimum: 5 Maximum: 120 Default: "10" |
arp_snooping_enabled | Indicates whether ARP snooping is enabled | boolean | Default: "True" |
description | Description of this resource | string | Maximum length: 1024 Sortable |
dhcp_snooping_enabled | Indicates whether DHCP snooping is enabled | boolean | Default: "True" |
dhcpv6_snooping_enabled | Indicates if stateful DHCPv6 snooping is enabled. This option is the IPv6 equivalent of DHCP snooping. | boolean | Default: "False" |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
duplicate_ip_detection | Controls whether duplicate IP detection should be enabled. Duplicate IP detection is used to determine if there is any IP conflict with any other port on the same logical switch. If a conflict is detected, then the IP is marked as a duplicate on the port where the IP was discovered last. The duplicate IP will not be added to the realized address bindings for the port and hence will not be used in DFW rules or other security configurations for the port. | DuplicateIPDetection | |
id | Unique identifier of this resource | string | Sortable |
nd_bindings_limit | Number of IP addresses to be snooped via neighbor-discovery (ND) snooping. Indicates the number of neighbor-discovery snooped IP addresses to be remembered per LogicalPort. Decreasing this value will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. This limit only applies to IPv6 addresses and is independent of the arp_bindings_limit used for IPv4 snooping. | int | Minimum: 2 Maximum: 15 Default: "3" |
nd_snooping_enabled | Indicates if neighbor discovery snooping is enabled. This option is the IPv6 equivalent of ARP snooping. | boolean | Default: "False" |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value IpDiscoverySwitchingProfile | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
trust_on_first_use_enabled | Controls whether trust-on-first-use should be enabled. ARP snooping, being inherently susceptible to ARP spoofing, uses a trust-on-first-use (TOFU) paradigm where only the first IP address discovered via ARP snooping is trusted. The remaining are ignored. In order to allow for more flexibility, we allow the user to configure how many ARP snooped address bindings should be trusted for the lifetime of the logical port. This is controlled by the arp_bindings_limit property in the IP Discovery profile. We refer to this extension of TOFU as N-TOFU. However, if TOFU is disabled, then N ARP snooped IP addresses will be trusted until they are timed out, where N is configured by arp_bindings_limit. | boolean | Default: "True" |
vm_tools_enabled | Indicates whether fetching IP using vm-tools is enabled. This option is only supported on ESX where vm-tools is installed. | boolean | Default: "True" |
vm_tools_v6_enabled | Indicates whether fetching IPv6 addresses using vm-tools is enabled. This option is only supported on ESX where vm-tools is installed. | boolean | Default: "False" |
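The following linter is an added example, not part of the NSX API reference or any VMware code. It checks a constructed IpDiscoverySwitchingProfile request body against the ranges and defaults in the table above and flags ARP snooping settings that are weaker than the default trust-on-first-use behaviour. The function names (`effective`, `lint`) and both sample bodies are assumptions made for illustration.

```python
from typing import NamedTuple

RESOURCE_TYPE = "IpDiscoverySwitchingProfile"

# name: (minimum, maximum, default), copied from the Notes column of the table above
INT_FIELDS = {
    "arp_bindings_limit": (1, 256, 1),
    "arp_nd_binding_timeout": (5, 120, 10),  # minutes
    "nd_bindings_limit": (2, 15, 3),
}
# name: default, copied from the Notes column of the table above
BOOL_FIELDS = {
    "arp_snooping_enabled": True,
    "dhcp_snooping_enabled": True,
    "dhcpv6_snooping_enabled": False,
    "nd_snooping_enabled": False,
    "trust_on_first_use_enabled": True,
    "vm_tools_enabled": True,
    "vm_tools_v6_enabled": False,
}
MAX_LENGTH = {"description": 1024, "display_name": 255}
MAX_TAGS = 30


class Finding(NamedTuple):
    severity: str  # "error" = violates the schema, "warn" = weaker than the default
    field: str
    message: str


def _is_int(value):
    # bool is a subclass of int in Python; JSON true/false must not pass as a number
    return isinstance(value, int) and not isinstance(value, bool)


def effective(profile):
    """Supplied values where valid, documented defaults otherwise.

    Invalid values fall back to the default so the posture checks in lint() still run.
    """
    result = {}
    for name, (low, high, default) in INT_FIELDS.items():
        value = profile.get(name, default)
        result[name] = value if _is_int(value) and low <= value <= high else default
    for name, default in BOOL_FIELDS.items():
        value = profile.get(name, default)
        result[name] = value if isinstance(value, bool) else default
    return result


def lint(profile):
    """Return a list of Finding tuples for one profile body (a dict parsed from JSON)."""
    findings = []
    if profile.get("resource_type") != RESOURCE_TYPE:
        findings.append(Finding("error", "resource_type", f"must be set to {RESOURCE_TYPE}"))
    for name, (low, high, _default) in INT_FIELDS.items():
        if name not in profile:
            continue
        value = profile[name]
        if not _is_int(value):
            findings.append(Finding("error", name, "must be an integer"))
        elif not low <= value <= high:
            findings.append(Finding("error", name, f"{value} is outside {low}..{high}"))
    for name in BOOL_FIELDS:
        if name in profile and not isinstance(profile[name], bool):
            findings.append(Finding("error", name, "must be a JSON boolean"))
    for name, limit in MAX_LENGTH.items():
        value = profile.get(name)
        if isinstance(value, str) and len(value) > limit:
            findings.append(Finding("error", name, f"longer than {limit} characters"))
    if len(profile.get("tags", [])) > MAX_TAGS:
        findings.append(Finding("error", "tags", f"more than {MAX_TAGS} items"))

    # Posture checks: only meaningful while ARP snooping is a binding source.
    eff = effective(profile)
    if eff["arp_snooping_enabled"]:
        if not eff["trust_on_first_use_enabled"]:
            findings.append(Finding(
                "warn", "trust_on_first_use_enabled",
                f"TOFU disabled: {eff['arp_bindings_limit']} ARP-snooped address(es) are trusted "
                f"only until they time out ({eff['arp_nd_binding_timeout']} min), "
                "not for the lifetime of the port"))
        elif eff["arp_bindings_limit"] > 1:
            findings.append(Finding(
                "warn", "arp_bindings_limit",
                f"N-TOFU: the first {eff['arp_bindings_limit']} ARP-snooped addresses are "
                "trusted for the lifetime of the port"))
    return findings


# Constructed request bodies (not captured from a real NSX Manager).
SAMPLE_DEFAULTS = {"resource_type": RESOURCE_TYPE, "display_name": "constructed-default"}
SAMPLE_RELAXED = {
    "resource_type": RESOURCE_TYPE,
    "display_name": "constructed-relaxed",
    "trust_on_first_use_enabled": False,
    "arp_bindings_limit": 300,
    "nd_bindings_limit": 1,
    "dhcp_snooping_enabled": "true",
}

if __name__ == "__main__":
    for finding in lint(SAMPLE_RELAXED):
        print(f"{finding.severity:5} {finding.field}: {finding.message}")
```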
IpInfo (schema) (Deprecated)
Only an IP address or subnet is supported. Its type can be
IPv4 or IPv6. It will be converted to a subnet when a netmask
is specified (e.g., 192.168.1.3/24 => 192.168.1.0/24,
2008:12:12:12::2/64 => 2008:12:12:12::/64).
This type is deprecated. Please use the type NetworkInfo instead.
Name | Description | Type | Notes |
---|---|---|---|
dst_ip | The destination IP address or subnet. The destination IP can be an IP address or a subnet. | IPElement | |
src_ip | The source IP address or subnet. The source IP can be an IP address or a subnet. | IPElement | |
IpMacPair (schema) (Deprecated)
IP and MAC pair.
Name | Description | Type | Notes |
---|---|---|---|
ip | IP address | IPAddress | Required |
mac | MAC address | MACAddress | |
L2Vpn (schema) (Deprecated)
L2 Virtual Private Network Configuration
Contains information necessary to configure L2Vpn.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource (Children are not allowed for this type) | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
enabled | Enable L2Vpn. Enable to extend all the associated segments. | boolean | Default: "True" |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent. | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value L2Vpn | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
transport_tunnels | List of paths referencing transport tunnels. | array of string | Required Minimum items: 1 Maximum items: 1 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
L2VpnAttachmentContext (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
allocate_addresses | A flag to indicate whether to allocate addresses from allocation pools bound to the parent logical switch. | string | Enum: IpPool, MacPool, Both, None, Dhcp, DhcpV6, SLAAC |
local_egress_ip | Array of local egress IPs. List of local egress IP addresses, used for local egress optimization. | array of IPElement | |
resource_type | Must be set to the value L2VpnAttachmentContext | string | Required |
tunnel_id | Tunnel Id to uniquely identify the extension. | int | Required Minimum: 1 Maximum: 4093 |
L2VpnContext (schema) (Deprecated)
L2Vpn Context
L2Vpn Context provides meta-data information about the parent Tier-0.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource (Children are not allowed for this type) | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
enable_hub | Enable to act as hub. If enabled, the tier-0 acts as a Hub and replicates traffic received from peer to all other peers. If disabled, the tier-0 acts as a Spoke and replicates only the local. | boolean | Default: "False" |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent. | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value L2VpnContext | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
L3Vpn (schema) (Deprecated)
L3 Virtual Private Network Configuration
Contains information necessary to configure IPSec VPN.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource (Children are not allowed for this type) | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
dh_groups | DH group. Diffie-Hellman group to be used if PFS is enabled. Default group is GROUP14. | array of PolicyDHGroup | Maximum items: 1 |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
enable_perfect_forward_secrecy | Enable perfect forward secrecy. If true, perfect forward secrecy (PFS) is enabled. | boolean | Default: "True" |
enabled | Enable L3Vpn. Flag to enable L3Vpn. Default is enabled. | boolean | Default: "True" |
id | Unique identifier of this resource | string | Sortable |
ike_digest_algorithms | Digest Algorithm for IKE. Algorithm to be used for message digest during Internet Key Exchange (IKE) negotiation. Default is SHA2_256. | array of PolicyIKEDigestAlgorithm | Maximum items: 1 |
ike_encryption_algorithms | Encryption algorithm for IKE. Algorithm to be used during Internet Key Exchange (IKE) negotiation. Default is AES_128. | array of PolicyIKEEncryptionAlgorithm | Maximum items: 1 |
ike_version | IKE version. IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and respond to both IKE-V1 and IKE-V2. | PolicyIKEVersion | Default: "IKE_V2" |
l3vpn_session | L3Vpn Session | L3VpnSession (Abstract type: pass one of the following concrete types: PolicyBasedL3VpnSession, RouteBasedL3VpnSession) | Required |
local_address | IPv4 address of local gateway | IPv4Address | Required |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
passphrases | List of IPSec pre-shared keys. List of IPSec pre-shared keys used for IPSec authentication. If not specified, the older passphrase values are retained if there are any. | array of secure_string | Maximum items: 1 |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent. | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
remote_private_address | Identifier of the remote site. This field is used to resolve conflicts in case of a remote site being behind NAT as remote public ip address is not enough. If it is not the case the remote public address should be provided here. If not provided, the value of this field is set to remote_public_address. | string | |
remote_public_address | Public IPv4 address of remote gateway | IPv4Address | Required |
resource_type | Must be set to the value L3Vpn | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
tunnel_digest_algorithms | Digest Algorithm for Tunnel Establishment. Algorithm to be used for message digest during tunnel establishment. Default algorithm is empty. | array of PolicyTunnelDigestAlgorithm | Maximum items: 1 |
tunnel_encryption_algorithms | Encryption algorithm for Tunnel Establishment. Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. | array of PolicyTunnelEncryptionAlgorithm | Maximum items: 1 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
L3VpnContext (schema) (Deprecated)
L3Vpn Context
L3Vpn Context provides the configuration context that different L3Vpns can consume.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
available_local_addresses | IPv4 addresses of the local gateway. Local gateway IPv4 addresses available for configuration of each L3Vpn. | array of PolicyIPAddressInfo | |
bypass_rules | List of Bypass L3VpnRules. Bypass L3Vpn rules that will be shared across L3Vpns. Only Bypass action is supported on these L3Vpn rules. | array of L3VpnRule | |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource (Children are not allowed for this type) | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
enabled | Enable L3 Virtual Private Network (VPN) service. If true, enable L3Vpn Service for given tier-0. Enabling/disabling this service affects all L3Vpns under the given tier-0. | boolean | Default: "True" |
id | Unique identifier of this resource | string | Sortable |
ike_log_level | Internet key exchange (IKE) log level. Log level for internet key exchange (IKE). | string | Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY Default: "INFO" |
label | Policy path referencing Label. A label is used as a mechanism to group route-based L3Vpns in order to apply edge firewall rules on members' VTIs. | string | |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent. | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value L3VpnContext | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3VpnRule (schema) (Deprecated)
L3Vpn Rule
For policy-based L3Vpn sessions, a rule specifies as its action the vpn tunnel to be used
for transit traffic that meets the rule's match criteria.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
action | Action to apply to the traffic transiting through the L3Vpn. Action to exchange data with or without protection. PROTECT - Allows exchanging data with IPsec protection. Protect rules are defined per L3Vpn. BYPASS - Allows exchanging data without IPsec protection. Bypass rules are defined per L3VpnContext and affect all policy based L3Vpns. Bypass rules are prioritized over protect rules. | string | Enum: PROTECT, BYPASS Default: "PROTECT" |
children | Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
destinations | List of remote subnets used in policy-based L3Vpn. | array of L3VpnSubnet | Required Minimum items: 1 Maximum items: 128 |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and the intent object is deleted only when all the realized entities for that intent object are deleted. Objects that are marked for deletion are not returned in a GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as 'unique_id' of the entity. However, in some cases this can be different because some entities migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent. | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in a multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on the local site-name and uses the /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value L3VpnRule | string | |
sequence_number | Sequence number of the L3VpnRule. This field is used to resolve conflicts between multiple L3VpnRules associated with a single L3Vpn or L3VpnContext. | int | |
sources | List of local subnets used in policy-based L3Vpn. | array of L3VpnSubnet | Required Minimum items: 1 Maximum items: 128 |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
L3VpnSession (schema) (Deprecated)
L3Vpn Session
Contains information about L3Vpn session.
This is an abstract type. Concrete child types:
PolicyBasedL3VpnSession
RouteBasedL3VpnSession
Name | Description | Type | Notes |
---|---|---|---|
resource_type | | L3VpnSessionResourceType | Required |
L3VpnSessionResourceType (schema) (Deprecated)
Resource type of L3Vpn Session
- A Policy Based L3Vpn is a configuration in which protect rules to match local
and remote subnets need to be defined. A tunnel is established for each pair of
local and remote subnets defined in protect rules.
- A Route Based L3Vpn is more flexible, more powerful and recommended over policy
based. An IP tunnel subnet is created and all traffic routed through the tunnel subnet
(commonly known as VTI) is sent over the tunnel. Routes can be learned through BGP.
A route based L3Vpn is required when using redundant L3Vpn.
Name | Description | Type | Notes |
---|---|---|---|
L3VpnSessionResourceType | Resource type of L3Vpn Session. - A Policy Based L3Vpn is a configuration in which protect rules to match local and remote subnets need to be defined. A tunnel is established for each pair of local and remote subnets defined in protect rules. - A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. An IP tunnel subnet is created and all traffic routed through the tunnel subnet (commonly known as VTI) is sent over the tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn. | string | Deprecated Enum: PolicyBasedL3VpnSession, RouteBasedL3VpnSession |
L3VpnSubnet (schema) (Deprecated)
Subnet used in L3Vpn Rule
Used to specify subnets in L3Vpn rule.
Name | Description | Type | Notes |
---|---|---|---|
subnet | Subnet used in L3Vpn Rule. | IPv4CIDRBlock | Required |
LBActiveMonitor (schema) (Deprecated)
Base class for each type of active LBMonitorProfile
All the active types of LBMonitorProfile extend from this abstract class.
This is present for extensibility.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
fall_count | Monitor fall count for active healthchecks. The member status is marked DOWN only if a healthcheck to the member fails consecutively for the number of times given by fall_count. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | Monitor interval in seconds for active healthchecks. Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and the intent object is deleted only when all the realized entities for that intent object are deleted. Objects that are marked for deletion are not returned in a GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
monitor_port | Monitor port for active healthchecks. Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. | int | Minimum: 0 Maximum: 65535 |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as 'unique_id' of the entity. However, in some cases this can be different because some entities migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent. | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in a multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on the local site-name and uses the /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBActiveMonitor | LBMonitorProfileType | Required |
rise_count | Monitor rise count for active healthchecks. Once a member is DOWN, a number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Monitor timeout in seconds for active healthchecks. Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, the healthcheck is also considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
LBClientCertificateIssuerDnCondition (schema) (Deprecated)
Match condition for client certificate issuer DN
Match condition for client certificate issuer DN.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for issuer DN comparing. If true, case is significant when comparing issuer DN value. | boolean | Default: "True" |
issuer_dn | Value of issuer DN. The format should follow RFC 2253. | string | Required |
match_type | Match type of issuer DN. | LbRuleMatchType | Default: "REGEX" |
LBClientCertificateSubjectDnCondition (schema) (Deprecated)
Match condition for client certificate subject DN
Match condition for client certificate subject DN.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for subject DN comparing. If true, case is significant when comparing subject DN value. | boolean | Default: "True" |
match_type | Match type of subject DN. | LbRuleMatchType | Default: "REGEX" |
subject_dn | Value of subject DN. The format should follow RFC 2253. | string | Required |
LBClientSslProfile (schema) (Deprecated)
Client SSL profile
Client SSL profile.
LBClientSslProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
cipher_group_label | Label of cipher group. It is a label of cipher group which is mostly consumed by GUI. | SslCipherGroup | |
ciphers | Supported SSL cipher list to client side. | array of SslCipher | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
is_fips | FIPS compliance of ciphers and protocols. This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols is not FIPS compliant. | boolean | Readonly |
is_secure | Secure/Insecure SSL profile flag. This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. | boolean | Readonly |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and the intent object is deleted only when all the realized entities for that intent object are deleted. Objects that are marked for deletion are not returned in a GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
prefer_server_ciphers | Prefer server ciphers flag. During the SSL handshake, as part of the SSL client Hello, the client sends an ordered list of ciphers that it can support (or prefers), and typically the server selects the first one from the top of that list that it can also support. For Perfect Forward Secrecy (PFS), the server could override the client's preference. | boolean | Default: "True" |
protocols | Supported SSL protocol list to client side. SSL version TLS1.2 is supported and enabled. | array of SslProtocol | |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as 'unique_id' of the entity. However, in some cases this can be different because some entities migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent. | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in a multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on the local site-name and uses the /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBClientSslProfile | string | |
session_cache_enabled | Session cache Activate or deactivate flag. SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. | boolean | Default: "True" |
session_cache_timeout | SSL session cache timeout value. Session cache timeout specifies how long the SSL session parameters are held on to and can be reused. | integer | Minimum: 1 Maximum: 86400 Default: "300" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
LBClientSslProfileBinding (schema) (Deprecated)
Client SSL profile binding
Client SSL profile binding.
LBClientSslProfileBinding is deprecated as NSX-T Load Balancer is
deprecated.
Name | Description | Type | Notes |
---|---|---|---|
certificate_chain_depth | The maximum traversal depth of client certificate chain. Authentication depth is used to set the verification depth in the client certificates chain. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
client_auth | Client authentication mode. | ClientAuthType | Default: "IGNORE" |
client_auth_ca_paths | CA path list to verify client certificate. If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. | array of string | |
client_auth_crl_paths | CRL path list to verify client certificate. A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates. | array of string | |
default_certificate_path | Default service certificate identifier. A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. | string | Required |
sni_certificate_paths | SNI certificate path list. Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. | array of string | |
ssl_profile_path | Client SSL profile path. Client SSL profile defines reusable, application-independent client side SSL properties. | string | |
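The client-authentication fields above interact: the CA list is only described as binding when client_auth is REQUIRED, and the documented default is IGNORE. The Python audit below is an added example (not VMware code) that flags those combinations in exported LBClientSslProfileBinding and LBClientSslProfile objects; the function name, finding codes and the sample objects with their /example/... paths are constructed for illustration.

```python
"""Audit sketch for LBClientSslProfileBinding / LBClientSslProfile objects.

Field names, defaults and the IGNORE/REQUIRED values come from the schema
tables on this page. Finding codes and sample data are constructed.
"""

# Defaults and bounds as documented in the schema tables.
DEFAULT_CLIENT_AUTH = "IGNORE"
DEFAULT_CHAIN_DEPTH = 3
MAX_CHAIN_DEPTH = 2147483647


def audit_binding(binding, profiles_by_path):
    """Return a sorted list of finding codes for one client SSL binding.

    binding          -- dict shaped like LBClientSslProfileBinding
    profiles_by_path -- dict mapping a profile path to an LBClientSslProfile dict
    """
    findings = set()

    # default_certificate_path is the only Required field of the binding.
    if not binding.get("default_certificate_path"):
        findings.add("MISSING_DEFAULT_CERT")

    # An omitted client_auth falls back to the documented default, IGNORE.
    client_auth = binding.get("client_auth", DEFAULT_CLIENT_AUTH)
    ca_paths = binding.get("client_auth_ca_paths") or []
    crl_paths = binding.get("client_auth_crl_paths") or []

    if client_auth == "REQUIRED":
        if not ca_paths:
            findings.add("REQUIRED_WITHOUT_CA")   # no trust anchors listed
        if not crl_paths:
            findings.add("NO_CRL")                # revoked certs not rejected
    else:
        findings.add("CLIENT_CERT_NOT_ENFORCED")
        if ca_paths or crl_paths:
            # Trust material is present, but the schema ties the CA
            # requirement to REQUIRED only: likely a forgotten mode switch.
            findings.add("TRUST_MATERIAL_UNUSED")

    depth = binding.get("certificate_chain_depth", DEFAULT_CHAIN_DEPTH)
    valid_int = isinstance(depth, int) and not isinstance(depth, bool)
    if not valid_int or not 1 <= depth <= MAX_CHAIN_DEPTH:
        findings.add("CHAIN_DEPTH_OUT_OF_RANGE")

    profile_path = binding.get("ssl_profile_path")
    if not profile_path:
        # Nothing to assess from this object alone.
        findings.add("NO_EXPLICIT_PROFILE")
    else:
        profile = profiles_by_path.get(profile_path)
        if profile is None:
            findings.add("PROFILE_NOT_FOUND")
        else:
            # is_secure is read-only and server-populated; anything other
            # than an explicit True is treated as unconfirmed.
            if profile.get("is_secure") is not True:
                findings.add("PROFILE_NOT_SECURE")
            # Documented default for prefer_server_ciphers is True.
            if profile.get("prefer_server_ciphers", True) is False:
                findings.add("CLIENT_CIPHER_ORDER")

    return sorted(findings)


# Constructed sample objects (not taken from any real deployment).
PROFILES = {
    "/example/profiles/strict": {"is_secure": True, "is_fips": True},
    "/example/profiles/legacy": {"is_secure": False,
                                 "prefer_server_ciphers": False},
}
WEAK_BINDING = {
    "default_certificate_path": "/example/certs/site",
    "client_auth_ca_paths": ["/example/certs/ca"],   # client_auth omitted
    "ssl_profile_path": "/example/profiles/legacy",
}
HARDENED_BINDING = {
    "default_certificate_path": "/example/certs/site",
    "client_auth": "REQUIRED",
    "client_auth_ca_paths": ["/example/certs/ca"],
    "client_auth_crl_paths": ["/example/crls/ca"],
    "certificate_chain_depth": 2,
    "ssl_profile_path": "/example/profiles/strict",
}

if __name__ == "__main__":
    for name, obj in (("weak", WEAK_BINDING), ("hardened", HARDENED_BINDING)):
        print(name, audit_binding(obj, PROFILES))
```
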
LBClientSslProfileListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of load balancer client SSL profiles | array of LBClientSslProfile | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LBConnectionDropAction (schema) (Deprecated)
Action to drop connections
This action is used to drop the connections. There is no extra property in
this action. If there is no match condition specified, the connection will
always be dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING phase.
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LBConnectionDropAction | LBRuleActionType | Required |
LBCookiePersistenceProfile (schema) (Deprecated)
LBPersistenceProfile using Cookies for L7 LBVirtualServer
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBCookiePersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
cookie_domain | Cookie domain. HTTP cookie domain could be configured, only available for insert mode. | string | |
cookie_fallback | Cookie persistence fallback. If fallback is true, once the cookie points to a server that is down (i.e. admin state DISABLED or healthcheck state is DOWN), then a new server is selected by default to handle that request. If fallback is false, it will cause the request to be rejected if cookie points to a server. | boolean | Default: "True" |
cookie_garble | Cookie persistence garble. If garble is set to true, cookie value (server IP and port) would be encrypted. If garble is set to false, cookie value would be plain text. | boolean | Default: "True" |
cookie_httponly | Cookie httponly flag. If cookie httponly flag is true, it prevents a script running in the browser from accessing the cookie. Only available for insert mode. | boolean | Default: "False" |
cookie_mode | Cookie persistence mode. | CookiePersistenceModeType | Default: "INSERT" |
cookie_name | Cookie name. | string | Default: "NSXLB" |
cookie_path | Cookie path. HTTP cookie path could be set, only available for insert mode. | string | |
cookie_secure | Cookie secure flag. If cookie secure flag is true, it prevents the browser from sending a cookie over http. The cookie is sent only over https. Only available for insert mode. | boolean | Default: "False" |
cookie_time | Cookie time setting. Both session cookie and persistence cookie are supported, if not specified, it's a session cookie. It expires when the browser is closed. | LBCookieTime (Abstract type: pass one of the following concrete types) LBPersistenceCookieTime LBSessionCookieTime | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and the intent object is deleted only when all the realized entities for that intent object are deleted. Objects that are marked for deletion are not returned in a GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. |
string | Readonly |
resource_type | Must be set to the value LBCookiePersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
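The cookie_secure and cookie_httponly flags in the table above default to "False", so a profile that omits them issues a cookie without either attribute. The following added example (not VMware code) audits profile objects by applying the table's defaults to omitted fields; the function names and sample profiles are constructed for illustration, and "PREFIX" is used as a non-insert CookiePersistenceModeType value.

```python
# Added example: audit LBCookiePersistenceProfile objects against the defaults
# listed in the schema table. Sample data below is constructed, not real output.

# Defaults exactly as the table lists them.
SCHEMA_DEFAULTS = {
    "cookie_mode": "INSERT",
    "cookie_name": "NSXLB",
    "cookie_garble": True,
    "cookie_httponly": False,
    "cookie_secure": False,
    "cookie_fallback": True,
    "persistence_shared": False,
}


def effective_settings(profile):
    """Return the profile with schema defaults filled in for omitted fields."""
    merged = dict(SCHEMA_DEFAULTS)
    merged.update({k: v for k, v in profile.items() if v is not None})
    return merged


def audit_cookie_profile(profile):
    """Return a list of (field, finding) tuples for one profile object."""
    if profile.get("resource_type") != "LBCookiePersistenceProfile":
        return []  # other persistence profile types carry no cookie settings
    p = effective_settings(profile)
    findings = []
    if not p["cookie_garble"]:
        findings.append(("cookie_garble",
                         "cookie value (server IP and port) is plain text"))
    if p["cookie_mode"] == "INSERT":
        if not p["cookie_secure"]:
            findings.append(("cookie_secure",
                             "browser may send the cookie over http"))
        if not p["cookie_httponly"]:
            findings.append(("cookie_httponly",
                             "scripts in the browser can read the cookie"))
    else:
        # The table marks both flags as only available for insert mode.
        for flag in ("cookie_secure", "cookie_httponly"):
            if profile.get(flag):
                findings.append((flag, "set, but only available for insert mode"))
    if p["persistence_shared"]:
        findings.append(("persistence_shared",
                         "same cookie is shared by multiple virtual servers"))
    return findings


def audit_all(profiles):
    """Map each profile id to the list of flagged field names."""
    return {p.get("id", "<no id>"): [field for field, _ in audit_cookie_profile(p)]
            for p in profiles}


# Constructed sample profiles (hypothetical ids).
SAMPLE_PROFILES = [
    {"resource_type": "LBCookiePersistenceProfile", "id": "web-defaults"},
    {"resource_type": "LBCookiePersistenceProfile", "id": "web-hardened",
     "cookie_secure": True, "cookie_httponly": True},
    {"resource_type": "LBCookiePersistenceProfile", "id": "legacy-plain",
     "cookie_garble": False, "cookie_secure": True, "cookie_httponly": True,
     "persistence_shared": True},
    {"resource_type": "LBCookiePersistenceProfile", "id": "prefix-mode",
     "cookie_mode": "PREFIX", "cookie_secure": True},
    {"resource_type": "LBSourceIpPersistenceProfile", "id": "src-ip"},
]

if __name__ == "__main__":
    for prof in SAMPLE_PROFILES:
        for field, finding in audit_cookie_profile(prof):
            print(f"{prof['id']}: {field}: {finding}")
```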
LBCookieTime (schema) (Deprecated)
Cookie time
Cookie time.
This is an abstract type. Concrete child types:
LBPersistenceCookieTime
LBSessionCookieTime
Name | Description | Type | Notes |
---|---|---|---|
type | | LBCookieTimeType | Required |
LBCookieTimeType (schema) (Deprecated)
CookieTime type
Both session cookie and persistence cookie are supported.
Use LbSessionCookieTime for session cookie time setting.
Use LbPersistenceCookieTime for persistence cookie time setting.
Name | Description | Type | Notes |
---|---|---|---|
LBCookieTimeType | CookieTime type Both session cookie and persistence cookie are supported. Use LbSessionCookieTime for session cookie time setting. Use LbPersistenceCookieTime for persistence cookie time setting. | string | Deprecated Enum: LBSessionCookieTime, LBPersistenceCookieTime |
LBGenericPersistenceProfile (schema) (Deprecated)
LB generic persistence profile
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to a virtual server directly;
it can be specified in LB rule actions. In the HTTP forwarding phase,
the profile can be specified in LBVariablePersistenceOnAction. In HTTP
response rewriting phase, the profile can be specified in
LBVariablePersistenceLearnAction.
LBGenericPersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource | Children are not allowed for this type |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
ha_persistence_mirroring_enabled | Mirroring enabled flag The mirroring enabled flag is used to synchronize persistence entries. Persistence entries are not synchronized to the HA peer by default. | boolean | Default: "False" |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in a GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. | boolean | Default: "False" |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in a multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBGenericPersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Persistence entry expiration time in seconds When all connections complete (reference count reaches 0), the persistence entry timer is started with the expiration time. | integer | Minimum: 1 Maximum: 2147483647 Default: "300" |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
LBHttpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over HTTP
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, the healthcheck is also considered
to be unsuccessful.
Completing a healthcheck within timeout means establishing a connection
(TCP or SSL), if applicable, sending the request and receiving the
response, all within the configured timeout.
LBHttpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource | Children are not allowed for this type |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in a GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. | int | Minimum: 0 Maximum: 65535 |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in a multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
request_body | HTTP health check request body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. | string | |
request_headers | Array of HTTP request headers Array of HTTP request headers. | array of LbHttpRequestHeader | |
request_method | The health check method for HTTP monitor type The health check method for HTTP monitor type. | HttpRequestMethodType | Default: "GET" |
request_url | Customized HTTP request url for active health checks For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters. | string | Default: "/" |
request_version | HTTP request version HTTP request version. | HttpRequestVersionType | Default: "HTTP_VERSION_1_1" |
resource_type | Must be set to the value LBHttpMonitorProfile | LBMonitorProfileType | Required |
response_body | Response body to match If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. | string | |
response_status_codes | Array of single HTTP response status codes The HTTP response status code should be a valid HTTP status code. | array of int | Maximum items: 64 |
rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, the healthcheck is also considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
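The fall_count, rise_count, interval and timeout fields above describe a small state machine: only consecutive results that contradict the current state move a member between UP and DOWN. The following added example (not VMware code) replays a constructed probe sequence through that logic; it assumes a member starts UP, that probes start every interval seconds, and that a probe finishing in exactly timeout seconds still counts as completed. All names in it are hypothetical.

```python
# Added example: replay health check results through the fall_count /
# rise_count rules described for LBHttpMonitorProfile. Probe data is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class MonitorSettings:
    # Defaults as listed in the schema table.
    fall_count: int = 3
    rise_count: int = 3
    interval: int = 5   # seconds between probe starts
    timeout: int = 5    # seconds allowed for connect + request + response


def probe_passed(settings, succeeded, elapsed):
    """A probe that did not complete within the timeout is a failure."""
    return succeeded and elapsed <= settings.timeout


def transitions(settings, probes, initial_state="UP"):
    """Return (probe_index, probe_start_seconds, new_state) for each state change.

    probes is a sequence of (succeeded, elapsed_seconds) tuples.
    """
    state = initial_state
    streak = 0  # consecutive results that contradict the current state
    changes = []
    for index, (succeeded, elapsed) in enumerate(probes):
        ok = probe_passed(settings, succeeded, elapsed)
        contradicts = (not ok) if state == "UP" else ok
        # Any result that agrees with the current state resets the streak.
        streak = streak + 1 if contradicts else 0
        needed = settings.fall_count if state == "UP" else settings.rise_count
        if streak >= needed:
            state = "DOWN" if state == "UP" else "UP"
            streak = 0
            changes.append((index, index * settings.interval, state))
    return changes


# Constructed probe results: (succeeded, elapsed_seconds).
PROBES = [
    (False, 0.2), (False, 0.2), (True, 0.1),   # two failures, then reset
    (False, 0.2), (True, 6.0), (False, 0.2),   # slow success counts as failure
    (True, 0.1), (True, 0.1), (False, 0.2),    # recovery interrupted
    (True, 0.1), (True, 0.1), (True, 0.1),     # three clean successes
]

if __name__ == "__main__":
    for label, cfg in (("defaults", MonitorSettings()),
                       ("fall_count=1", MonitorSettings(fall_count=1))):
        print(label, transitions(cfg, PROBES))
```

With the defaults the member goes DOWN only at the sixth probe; with fall_count set to 1 the first failed probe already removes it.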
LBHttpProfile (schema) (Deprecated)
Http profile
Http profile.
LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource | Children are not allowed for this type |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
http_redirect_to | Http redirect static URL If a website is temporarily down or has moved, incoming requests for that virtual server can be temporarily redirected to a URL. | string | |
http_redirect_to_https | Flag to indicate whether to enable HTTP-HTTPS redirect Certain secure applications may want to force communication over SSL, but instead of rejecting non-SSL connections, they may choose to redirect the client automatically to use SSL. | boolean | Default: "False" |
id | Unique identifier of this resource | string | Sortable |
idle_timeout | HTTP application idle timeout in seconds Specifies the HTTP application idle timeout, that is, how long the load balancer keeps an idle connection open while waiting for the client to send the next keep-alive request. It is not a TCP socket setting. | integer | Minimum: 1 Maximum: 5400 Default: "15" |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in a GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
ntlm | NTLM support flag NTLM is an authentication protocol that can be used over HTTP. If the flag is set to true, LB will use NTLM challenge/response methodology. This property is deprecated. Please use the property server_keep_alive in order to keep the backend server connection alive for the client connection. When creating a new profile, if ntlm and server_keep_alive are set to different values, an ERROR will be reported. When updating an existing profile, if either the ntlm or the server_keep_alive value is changed, both of them are updated with the changed value. | boolean | Deprecated |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in a multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
request_body_size | Maximum size of the buffer used to store HTTP request body If it is not specified, it means that request body size is unlimited. | integer | Minimum: 1 Maximum: 2147483647 |
request_header_size | Maximum size of the buffer used to store HTTP request headers A request with header equal to or below this size is guaranteed to be processed. A request with header larger than request_header_size will be processed up to 32K bytes on best effort basis. | integer | Minimum: 1 Default: "1024" |
resource_type | Must be set to the value LBHttpProfile | LBApplicationProfileType | Required |
response_buffering | Activate or deactivate buffering of responses When buffering is deactivated, the response is passed to a client synchronously, immediately as it is received. When buffering is activated, LB receives a response from the backend server as soon as possible, saving it into the buffers. | boolean | Default: "False" |
response_header_size | Maximum size of the buffer used to store HTTP response headers A response with header larger than response_header_size will be dropped. | integer | Minimum: 1 Maximum: 65536 Default: "4096" |
response_timeout | Maximum server idle time in seconds If server doesn’t send any packet within this time, the connection is closed. | integer | Minimum: 1 Maximum: 2147483647 Default: "60" |
server_keep_alive | Server keep-alive flag If server_keep_alive is true, it means the backend connection will keep alive for the client connection. Every client connection is tied 1:1 with the corresponding server-side connection. If server_keep_alive is false, it means the backend connection won't keep alive for the client connection. If server_keep_alive is not specified for API input, its value in API output will be the same as the property ntlm. | boolean | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
x_forwarded_for | Insert or replace x_forwarded_for When X-Forwarded-For is configured, X-Forwarded-Proto and X-Forwarded-Port information is added automatically. The two additional headers can also be modified or deleted in load balancer rules. | LBXForwardedForType | |
LBHttpRedirectAction (schema) (Deprecated)
Action to redirect HTTP request messages
This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
the HTTP response message which is sent back to the client (normally a browser).
The HTTP status code for redirection is 3xx, for example, 301, 302, 303,
307, etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally the browser will send another HTTP request to the new
URL after receiving a redirection response message.
Captured variables and built-in variables can be used in the redirect_url field.
For example, to redirect all HTTP requests to HTTPS requests for a virtual
server, create an LBRule without any conditions and add an
LBHttpRedirectAction to the rule. Set the
redirect_url field of the LBHttpRedirectAction to:
https://$_host$_request_uri
and set redirect_status to "302", which means Found. This rule will
redirect all HTTP requests to the HTTPS server port on the same host.
Name | Description | Type | Notes |
---|---|---|---|
redirect_status | HTTP response status code HTTP response status code. | string | Required |
redirect_url | The URL that the HTTP request is redirected to The URL that the HTTP request is redirected to. | string | Required |
type | Must be set to the value LBHttpRedirectAction | LBRuleActionType | Required |
LBHttpRejectAction (schema) (Deprecated)
Action to reject HTTP request messages
This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to the client (normally a browser),
indicating the reason it was rejected. Refer to the official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LBHttpRejectAction does not support variables.
Name | Description | Type | Notes |
---|---|---|---|
reply_message | Response message Response message. |
string | |
reply_status | HTTP response status code HTTP response status code. |
string | Required |
type | Must be set to the value LBHttpRejectAction | LBRuleActionType | Required |
LBHttpRequestBodyCondition (schema) (Deprecated)
Condition to match content of HTTP request message body
This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body.
The match_type field defines how body_value field is used to match the body
of HTTP requests.
Name | Description | Type | Notes |
---|---|---|---|
body_value | HTTP request body | string | Required |
case_sensitive | A case sensitive flag for HTTP body comparing If true, case is significant when comparing HTTP body value. |
boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of HTTP body | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LBHttpRequestBodyCondition | LBRuleConditionType | Required |
LBHttpRequestCookieCondition (schema) (Deprecated)
Condition to match HTTP request cookie
This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for cookie value comparing If true, case is significant when comparing cookie value. |
boolean | Default: "True" |
cookie_name | Name of cookie Cookie name. |
string | Required |
cookie_value | Value of cookie Cookie value. |
string | Required |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of cookie value Match type of cookie value. |
LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LBHttpRequestCookieCondition | LBRuleConditionType | Required |
LBHttpRequestHeaderCondition (schema) (Deprecated)
Condition to match HTTP request header
This condition is used to match HTTP request messages by HTTP header
fields. HTTP header fields are components of the header section of HTTP
request and response messages. They define the operating parameters of an
HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field; to match multiple header
fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
requests. The header_name field does not support match types.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for HTTP header value comparing If true, case is significant when comparing HTTP header value. |
boolean | Default: "True" |
header_name | Name of HTTP header | string | Default: "Host" |
header_value | Value of HTTP header | string | Required |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of HTTP header value | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LBHttpRequestHeaderCondition | LBRuleConditionType | Required |
LBHttpRequestHeaderDeleteAction (schema) (Deprecated)
Action to delete HTTP request header fields
This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with the same header name. To delete headers with different header names,
multiple actions must be defined.
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of a header field of HTTP request message Name of a header field of HTTP request message. |
string | Required |
type | Must be set to the value LBHttpRequestHeaderDeleteAction | LBRuleActionType | Required |
LBHttpRequestHeaderRewriteAction (schema) (Deprecated)
Action to rewrite header fields of HTTP request messages
This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined.
Captured variables and built-in variables can be used in the header_value
field; the header_name field does not support variables.
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of HTTP request header Name of HTTP request header. |
string | Required |
header_value | Value of HTTP request header Value of HTTP request header. |
string | Required |
type | Must be set to the value LBHttpRequestHeaderRewriteAction | LBRuleActionType | Required |
LBHttpRequestMethodCondition (schema) (Deprecated)
Condition to match method of HTTP request messages
This condition is used to match the method of HTTP requests. If the method of an
HTTP request is the same as the method specified in this condition, the HTTP
request matches this condition. For example, if the method field is set to
GET in this condition, any HTTP request with the GET method matches the
condition.
Name | Description | Type | Notes |
---|---|---|---|
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
method | Type of HTTP request method | HttpRequestMethodType | Required |
type | Must be set to the value LBHttpRequestMethodCondition | LBRuleConditionType | Required |
LBHttpRequestUriArgumentsCondition (schema) (Deprecated)
Condition to match URI arguments of HTTP requests
This condition is used to match URI arguments, also known as the query string, of HTTP
request messages. For example, in the URI http://example.com?foo=1&bar=2,
"foo=1&bar=2" is the query string containing URI arguments. In a URI
scheme, the query string is indicated by the first question mark ("?")
character and terminated by a number sign ("#") character or by the end of
the URI.
The uri_arguments field can be specified as a regular expression (set
match_type to REGEX). For example, "foo=(?<x>\d+)" matches HTTP
requests whose URI arguments contain "foo" where the value of foo contains
only digits. The value of foo is captured as $x, which can be used in
LBRuleAction fields which support variables.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for URI arguments comparing If true, case is significant when comparing URI arguments. |
boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of URI arguments | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LBHttpRequestUriArgumentsCondition | LBRuleConditionType | Required |
uri_arguments | URI arguments URI arguments, aka query string of URI. |
string | Required |
LBHttpRequestUriCondition (schema) (Deprecated)
Condition to match URIs of HTTP request messages
This condition is used to match URIs (Uniform Resource Identifiers) of HTTP
request messages. The uri field can be specified as a regular expression.
If an HTTP request message is requesting a URI which matches the specified
regular expression, it matches the condition.
The syntax of whole URI looks like this:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI.
When match_type field is specified as REGEX, the uri field is used as a
regular expression to match URI path of HTTP requests. For example, to
match any URI that has "/image/" or "/images/", uri field can be specified
as: "/image[s]?/".
Named capturing groups can be used in the uri field to capture substrings
of matched URIs and store them in variables for use in LBRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
If the URI path is /articles/news/2017/06/xyz.html, then substring "2017"
is captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then
be used in an LBRuleAction field which supports variables, such as uri
field of LBHttpRequestUriRewriteAction. For example, set the uri field
of LBHttpRequestUriRewriteAction as:
"/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for URI comparing If true, case is significant when comparing URI. |
boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of URI | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LBHttpRequestUriCondition | LBRuleConditionType | Required |
uri | A string used to identify resource | string | Required |
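The capture-and-substitute flow described for LBHttpRequestUriCondition and LBHttpRequestUriArgumentsCondition, as an added example that is not NSX code. It assumes JavaScript RegExp search semantics stand in for the load balancer's regex engine (the "/news/..." pattern matching /articles/news/... above implies an unanchored search); the helper names, the anchored pattern variants and the request targets are constructed for illustration.

```javascript
// Added example, not NSX code. JavaScript RegExp stands in for the load
// balancer's regex engine (assumption); all helper names are hypothetical.

// Split a request target into the path (seen by LBHttpRequestUriCondition)
// and the query string (seen by LBHttpRequestUriArgumentsCondition).
function splitTarget(target) {
  const noFragment = target.split('#', 1)[0];
  const q = noFragment.indexOf('?');
  return q === -1
    ? { path: noFragment, query: '' }
    : { path: noFragment.slice(0, q), query: noFragment.slice(q + 1) };
}

// Evaluate one condition with match_type REGEX. Returns the named captures
// when the condition holds, or null when it does not.
function evalRegexCondition(pattern, subject, opts = {}) {
  const { caseSensitive = true, inverse = false } = opts; // schema defaults
  const m = new RegExp(pattern, caseSensitive ? '' : 'i').exec(subject);
  if ((m !== null) === inverse) return null;
  return m ? { ...(m.groups || {}) } : {}; // an inverse hit has no captures
}

// Expand $name variables in an action field; unknown names are left as-is.
function expandVariables(template, vars) {
  return template.replace(/\$([A-Za-z_][A-Za-z0-9_]*)/g, (whole, name) =>
    Object.prototype.hasOwnProperty.call(vars, name) ? vars[name] : whole);
}

// Patterns from the page, plus anchored variants added for comparison.
const URI_PATTERN = '/news/(?<year>\\d+)/(?<month>\\d+)/(?<article>.*)';
const URI_PATTERN_ANCHORED =
  '^/articles/news/(?<year>\\d+)/(?<month>\\d+)/(?<article>[^/]+)$';
const URI_TEMPLATE = '/articles/news/$year-$month-$article';
const ARGS_PATTERN = 'foo=(?<x>\\d+)';
const ARGS_PATTERN_ANCHORED = '(?:^|&)foo=(?<x>\\d+)(?:&|$)';

// Apply the URI condition to the path only; rewrite when it matches.
function rewritePath(target, pattern) {
  const { path } = splitTarget(target);
  const vars = evalRegexCondition(pattern, path);
  return vars === null ? path : expandVariables(URI_TEMPLATE, vars);
}

// Return the captured $x for the URI-arguments condition, or null.
function captureFoo(target, pattern) {
  const vars = evalRegexCondition(pattern, splitTarget(target).query);
  return vars === null ? null : vars.x;
}

// Constructed request targets.
const uriSamples = [
  '/articles/news/2017/06/xyz.html',
  '/drafts/news/2017/06/a/b.html',     // different prefix, extra segment
  '/index.html?next=/news/2017/06/x',  // pattern text appears only in the query
];
for (const t of uriSamples) {
  console.log(t, '->', rewritePath(t, URI_PATTERN),
    '| anchored:', rewritePath(t, URI_PATTERN_ANCHORED));
}
for (const t of ['/s?foo=1&bar=2', '/s?foo=12abc', '/s?xfoo=7#foo=9']) {
  console.log(t, '->', captureFoo(t, ARGS_PATTERN),
    '| anchored:', captureFoo(t, ARGS_PATTERN_ANCHORED));
}
```

Anchoring the pattern (`^...$` for the path, `(?:^|&)...(?:&|$)` for one argument) keeps a rule from firing on paths or parameters it was not written for.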
LBHttpRequestUriRewriteAction (schema) (Deprecated)
Action to rewrite HTTP request URIs.
This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this action to rewrite the
matched HTTP request message's URI and URI arguments to the new values.
The full URI scheme of HTTP messages has the following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
The uri field of this action is used to rewrite the /path part in the above
scheme, and the uri_arguments field is used to rewrite the query part.
Captured variables and built-in variables can be used in the uri and
uri_arguments fields.
Check the example in LBRuleAction to see how to use variables in this
action.
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LBHttpRequestUriRewriteAction | LBRuleActionType | Required |
uri | URI of HTTP request URI of HTTP request. |
string | Required |
uri_arguments | URI arguments Query string of URI, typically contains key value pairs, for example: foo1=bar1&foo2=bar2. |
string |
LBHttpRequestVersionCondition (schema) (Deprecated)
Condition to match HTTP protocol version of HTTP requests
This condition is used to match the HTTP protocol version of the HTTP
request messages.
Name | Description | Type | Notes |
---|---|---|---|
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
type | Must be set to the value LBHttpRequestVersionCondition | LBRuleConditionType | Required |
version | HTTP version | HttpRequestVersionType | Required |
LBHttpResponseHeaderCondition (schema) (Deprecated)
Condition to match a header field of HTTP response
This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization,
User-Agent, etc. One condition can be used to match one header field; to
match multiple header fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for HTTP header value comparing If true, case is significant when comparing HTTP header value. |
boolean | Default: "True" |
header_name | Name of HTTP header field | string | Required |
header_value | Value of HTTP header field | string | Required |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of HTTP header value | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LBHttpResponseHeaderCondition | LBRuleConditionType | Required |
LBHttpResponseHeaderDeleteAction (schema) (Deprecated)
Action to delete HTTP response header fields
This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete all headers
with the same header name. To delete headers with different header names,
multiple actions must be defined.
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of a header field of HTTP response message Name of a header field of HTTP response message. |
string | Required |
type | Must be set to the value LBHttpResponseHeaderDeleteAction | LBRuleActionType | Required |
LBHttpResponseHeaderRewriteAction (schema) (Deprecated)
Action to rewrite HTTP response header fields
This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined.
Captured variables and built-in variables can be used in the header_value
field; the header_name field does not support variables.
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of a header field of HTTP response message Name of a header field of HTTP response message. |
string | Required |
header_value | Value of header field Value of header field |
string | Required |
type | Must be set to the value LBHttpResponseHeaderRewriteAction | LBRuleActionType | Required |
LBHttpSslCondition (schema) (Deprecated)
Condition to match SSL handshake and SSL connection
This condition is used to match SSL handshake and SSL connection at
all phases. If multiple properties are configured, the rule is considered
a match when all the configured properties are matched.
Name | Description | Type | Notes |
---|---|---|---|
client_certificate_issuer_dn | The issuer DN match condition of the client certificate The issuer DN match condition of the client certificate for an established SSL connection. |
LBClientCertificateIssuerDnCondition | |
client_certificate_subject_dn | The subject DN match condition of the client certificate The subject DN match condition of the client certificate for an established SSL connection. |
LBClientCertificateSubjectDnCondition | |
client_supported_ssl_ciphers | Cipher list supported by the client Cipher list supported by the client. |
array of SslCipher | |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
session_reused | The type of SSL session reused The type of SSL session reused. |
LbSslSessionReusedType | Default: "IGNORE" |
type | Must be set to the value LBHttpSslCondition | LBRuleConditionType | Required |
used_protocol | Protocol of an established SSL connection Protocol of an established SSL connection. |
SslProtocol | |
used_ssl_cipher | Cipher used for an established SSL connection Cipher used for an established SSL connection. |
SslCipher |
LBHttpsMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over HTTPS
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTPS. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, the healthcheck is also considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBHttpsMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
parent_path | Path of its parent Path of its parent |
string | Readonly |
path | Absolute path of this object Absolute path of this object |
string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases this can be different because entities migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. The realization ID helps users debug the data path by correlating the configuration with the corresponding intent. |
string | Readonly |
relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in a multi-site scenario. Currently it is supported only for LM objects. When an LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on the local site-name and uses the /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. |
string | Readonly |
request_body | HTTP health check request body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. |
string | |
request_headers | Array of HTTP request headers Array of HTTP request headers. |
array of LbHttpRequestHeader | |
request_method | The health check method for HTTP monitor type The health check method for HTTP monitor type. |
HttpRequestMethodType | Default: "GET" |
request_url | Customized HTTPS request url for active health checks For HTTPS active healthchecks, the HTTPS request url sent can be customized and can include query parameters. |
string | Default: "/" |
request_version | HTTP request version HTTP request version. |
HttpRequestVersionType | Default: "HTTP_VERSION_1_1" |
resource_type | Must be set to the value LBHttpsMonitorProfile | LBMonitorProfileType | Required |
response_body | Response body to match If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. |
string | |
response_status_codes | Array of single HTTP response status codes The HTTP response status code should be a valid HTTP status code. |
array of int | Maximum items: 64 |
rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
server_ssl_profile_binding | Pool side SSL binding setting The setting is used when the monitor acts as an SSL client and establishing a connection to the backend server. |
LBServerSslProfileBinding | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
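The fall_count, rise_count and timeout behaviour described for LBHttpsMonitorProfile, as an added example that is not NSX code. Assumptions of this sketch: members start UP, a non-empty response_status_codes is treated as the full accepted set, a configured response_body must match in addition to the status check, and the probe records are constructed; function names are hypothetical.

```javascript
// Added example, not NSX code; helper names and probe records are constructed.
const DEFAULT_PROFILE = {
  fall_count: 3,              // schema default
  rise_count: 3,              // schema default
  timeout: 5,                 // seconds, schema default
  response_status_codes: [],  // empty: accept any 2xx (assumption on semantics)
  response_body: null,        // literal substring, regular expressions not supported
};

// Decide whether one probe counts as a successful healthcheck.
// probe: { elapsed: seconds for connect + request + response,
//          status: HTTP status or null if no response, body: string }
function probeSucceeded(profile, probe) {
  if (probe.status === null) return false;            // connection or TLS failure
  if (probe.elapsed > profile.timeout) return false;  // whole exchange must fit the timeout
  const codes = profile.response_status_codes;
  const statusOk = codes.length > 0
    ? codes.includes(probe.status)
    : probe.status >= 200 && probe.status <= 299;
  if (!statusOk) return false;
  return profile.response_body
    ? probe.body.includes(profile.response_body)
    : true;
}

// Replay probes through the consecutive-failure / consecutive-success
// counters and return the member status after each probe.
function replay(profile, probes, initial = 'UP') {
  let state = initial;
  let fails = 0;
  let oks = 0;
  const timeline = [];
  for (const probe of probes) {
    if (probeSucceeded(profile, probe)) {
      oks += 1;
      fails = 0;   // a success breaks any run of failures
    } else {
      fails += 1;
      oks = 0;     // a failure breaks any run of successes
    }
    if (state === 'UP' && fails >= profile.fall_count) state = 'DOWN';
    else if (state === 'DOWN' && oks >= profile.rise_count) state = 'UP';
    timeline.push(state);
  }
  return timeline;
}

// Constructed probe results.
const ok = { elapsed: 0.2, status: 200, body: 'status: ready' };
const err = { elapsed: 0.2, status: 503, body: '' };
const slow = { elapsed: 6, status: 200, body: 'status: ready' }; // answers after the timeout
const dead = { elapsed: 5, status: null, body: '' };             // no response at all

const SAMPLE_PROBES = [
  ok, err, slow, ok,   // two failures, then a success resets the run: stays UP
  err, dead, slow,     // three consecutive failures: DOWN
  ok, ok, err,         // two successes, then a failure resets the run: stays DOWN
  ok, ok, ok,          // three consecutive successes: UP
];

console.log(replay(DEFAULT_PROFILE, SAMPLE_PROBES).join(' '));
```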
LBIcmpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over ICMP
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over ICMP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, the healthcheck is also considered
to be unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBIcmpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
data_length | The data size (in bytes) of the ICMP healthcheck packet | integer | Minimum: 0 Maximum: 65507 Default: "56" |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
parent_path | Path of its parent Path of its parent |
string | Readonly |
path | Absolute path of this object Absolute path of this object |
string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases this can be different because entities migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. The realization ID helps users debug the data path by correlating the configuration with the corresponding intent. |
string | Readonly |
relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in a multi-site scenario. Currently it is supported only for LM objects. When an LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on the local site-name and uses the /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. |
string | Readonly |
resource_type | Must be set to the value LBIcmpMonitorProfile | LBMonitorProfileType | Required |
rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
LBIpHeaderCondition (schema) (Deprecated)
Condition to match IP header fields
This condition is used to match IP header fields of HTTP messages.
Either source_address or group_id should be specified.
Name | Description | Type | Notes |
---|---|---|---|
group_path | Grouping object path Source IP address of HTTP message should match IP addresses which are configured in Group in order to perform actions. | string | |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
source_address | Source IP address of HTTP message Source IP address of HTTP message. IP Address can be expressed as a single IP address like 10.1.1.1, or a range of IP addresses like 10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported. | IPElement | |
type | Must be set to the value LBIpHeaderCondition | LBRuleConditionType | Required |
LBJwtAuthAction (schema) (Deprecated)
Action to control access using JWT authentication
This action is used to control access to backend server resources using
JSON Web Token (JWT) authentication. The JWT authentication is done before
any HTTP manipulation if the HTTP request matches the given condition in
LBRule. If any verification fails, HTTP processing is terminated, and an
HTTP response with a 401 status code and WWW-Authentication header is
returned to the client.
Name | Description | Type | Notes |
---|---|---|---|
key | LBJwtKey used for verifying the signature of JWT token | LBJwtKey (Abstract type: pass one of the following concrete types) LBJwtCertificateKey LBJwtPublicKey LBJwtSymmetricKey | |
pass_jwt_to_pool | Whether to pass the JWT to backend server or remove it Specify whether to pass the JWT to backend server or remove it. By default, it is false, which means the JWT is not passed to backend servers. | boolean | Default: "False" |
realm | JWT realm A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when a client request is rejected with 401 HTTP status. In the response, it will be "WWW-Authentication: Bearer realm=<realm>". | string | |
tokens | JWT tokens JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. The load balancer searches each specified token one by one for the JWT message until it is found. This parameter is optional. If it is not found, or this field is not configured, the load balancer searches the Bearer header by default in the HTTP request "Authorization: Bearer <token>". | array of string | |
type | Must be set to the value LBJwtAuthAction | LBRuleActionType | Required |
LBJwtCertificateKey (schema) (Deprecated)
Specifies certificate used to verify the signature of JWT tokens
The key is used to specify certificate which is used to verify the
signature of JWT tokens.
Name | Description | Type | Notes |
---|---|---|---|
certificate_path | Certificate identifier | string | Required |
type | Must be set to the value LBJwtCertificateKey | LBJwtKeyType | Required |
LBJwtKey (schema) (Deprecated)
Load balancer JWT key
LBJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
This is an abstract type. Concrete child types:
LBJwtCertificateKey
LBJwtPublicKey
LBJwtSymmetricKey
Name | Description | Type | Notes |
---|---|---|---|
type | Type of load balancer JWT key The property is used to identify JWT key type. | LBJwtKeyType | Required |
LBJwtKeyType (schema) (Deprecated)
Type of load balancer JWT key
It is used to identify JWT key type.
Name | Description | Type | Notes |
---|---|---|---|
LBJwtKeyType | Type of load balancer JWT key It is used to identify JWT key type. | string | Deprecated Enum: LBJwtCertificateKey, LBJwtSymmetricKey, LBJwtPublicKey |
LBJwtPublicKey (schema) (Deprecated)
Specifies public key content used to verify the signature of JWT tokens
The key is used to specify the public key content which is used to verify
the signature of JWT tokens.
Name | Description | Type | Notes |
---|---|---|---|
public_key_content | Content of public key | string | Required |
type | Must be set to the value LBJwtPublicKey | LBJwtKeyType | Required |
LBJwtSymmetricKey (schema) (Deprecated)
Specifies the symmetric key used to verify the signature of JWT tokens
The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LBJwtSymmetricKey | LBJwtKeyType | Required |
LBMonitorProfile (schema) (Deprecated)
The object is deprecated as NSX-T Load Balancer is deprecated.
This is an abstract type. Concrete child types:
LBActiveMonitor
LBHttpMonitorProfile
LBHttpsMonitorProfile
LBIcmpMonitorProfile
LBPassiveMonitorProfile
LBTcpMonitorProfile
LBUdpMonitorProfile
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and only when all the realized entities for that intent object get deleted is the intent object deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. The realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBMonitorProfile | LBMonitorProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
LBMonitorProfileListResult (schema) (Deprecated)
Paged Collection of LBMonitorProfiles
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | LBMonitorProfile list results | array of LBMonitorProfile (Abstract type: pass one of the following concrete types) LBActiveMonitor LBHttpMonitorProfile LBHttpsMonitorProfile LBIcmpMonitorProfile LBPassiveMonitorProfile LBTcpMonitorProfile LBUdpMonitorProfile | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LBMonitorProfileType (schema) (Deprecated)
Monitor type
There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.
Name | Description | Type | Notes |
---|---|---|---|
LBMonitorProfileType | Monitor type There are two types of healthchecks: active and passive. Passive healthchecks depend on failures in actual client traffic (e.g. RST from server in response to a client connection) to detect that the server or the application is down. In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP and ICMP protocols. | string | Deprecated Enum: LBTcpMonitorProfile, LBUdpMonitorProfile, LBIcmpMonitorProfile, LBHttpMonitorProfile, LBHttpsMonitorProfile, LBPassiveMonitorProfile |
LBPassiveMonitorProfile (schema) (Deprecated)
Base class for each type of active LBMonitorProfile
The passive type of LBMonitorProfile.
LBPassiveMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and only when all the realized entities for that intent object get deleted is the intent object deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
max_fails | Number of consecutive connection failures When the consecutive failures reach this value, then the member is considered temporarily unavailable for a configurable period | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be the same as the 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. The realization id helps users debug the data path by correlating the configuration with the corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to a multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across the multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBPassiveMonitorProfile | LBMonitorProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Timeout in seconds before it is selected again for a new connection After this timeout period, the member is tried again for a new connection to see if it is available. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
LBPersistenceCookieTime (schema) (Deprecated)
Persistence cookie time
Persistence cookie time.
Name | Description | Type | Notes |
---|---|---|---|
cookie_max_idle | Persistence cookie max idle time in seconds HTTP cookie max-age to expire cookie, only available for insert mode. | integer | Required Minimum: 1 Maximum: 2147483647 |
type | Must be set to the value LBPersistenceCookieTime | LBCookieTimeType | Required |
LBRule (schema) (Deprecated)
Binding of a LBPool and Group to a LBVirtualServer
Binding of a LBPool and Group to a LBVirtualServer
used to route application traffic passing through load balancers.
LBRule uses match conditions to match application traffic passing
through a LBVirtualServer using HTTP or HTTPS. Can bind
multiple LBVirtualServers to a Group. Each LBRule
consists of two optional match conditions, each match condition defines a
criterion for application traffic. If no match conditions are
specified, then the LBRule will always match and it is used
typically to define default rules. If more than one match condition is
specified, then matching strategy determines if all conditions should
match or any one condition should match for the LBRule to be
considered a match. A match indicates that the LBVirtualServer
should route the request to the Group (parent of LBRule).
LBRule is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
actions | Actions to be executed A list of actions to be executed at specified phase when load balancer rule matches. The actions are used to manipulate application traffic, such as rewrite URI of HTTP messages, redirect HTTP messages, etc. | array of LBRuleAction (Abstract type: pass one of the following concrete types) LBConnectionDropAction LBHttpRedirectAction LBHttpRejectAction LBHttpRequestHeaderDeleteAction LBHttpRequestHeaderRewriteAction LBHttpRequestUriRewriteAction LBHttpResponseHeaderDeleteAction LBHttpResponseHeaderRewriteAction LBJwtAuthAction LBSelectPoolAction LBSslModeSelectionAction LBVariableAssignmentAction LBVariablePersistenceLearnAction LBVariablePersistenceOnAction | Required Maximum items: 60 |
display_name | Display name for LBRule A display name useful for identifying an LBRule. | string | |
match_conditions | Conditions to match application traffic A list of match conditions used to match application traffic. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion to match application traffic. If no match conditions are specified, then the load balancer rule will always match and it is used typically to define default rules. If more than one match condition is specified, then match strategy determines if all conditions should match or any one condition should match for the load balancer rule to be considered a match. | array of LBRuleCondition (Abstract type: pass one of the following concrete types) LBHttpRequestBodyCondition LBHttpRequestCookieCondition LBHttpRequestHeaderCondition LBHttpRequestMethodCondition LBHttpRequestUriArgumentsCondition LBHttpRequestUriCondition LBHttpRequestVersionCondition LBHttpResponseHeaderCondition LBHttpSslCondition LBIpHeaderCondition LBSslSniCondition LBTcpHeaderCondition LBVariableCondition | Maximum items: 60 |
match_strategy | Match strategy for determining match of multiple conditions If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this LBRule to be considered a match. - ANY indicates that either host_match or path_match may match for this LBRule to be considered a match. | string | Enum: ALL, ANY Default: "ANY" |
phase | Load balancer processing phase Each load balancer rule is used at a specific phase of load balancer processing. Currently five phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT. When an HTTP request message is received by the load balancer, all HTTP_REQUEST_REWRITE rules, if present, are executed in the order they are applied to the virtual server. Then, if HTTP_FORWARDING rules are present, only the first matching rule's action is executed; the remaining rules are not checked. HTTP_FORWARDING rules can have only one action. If the request is forwarded to a backend server and the response goes back to the load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed in the order they are applied to the virtual server. In HTTP_ACCESS phase, user can define action to control access using JWT authentication. In TRANSPORT phase, user can define the condition to match SNI in TLS client hello and define the action to do SSL end-to-end, SSL offloading or SSL passthrough using a specific load balancer server pool. | string | Enum: HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS, TRANSPORT Default: "HTTP_FORWARDING" |
LBRuleAction (schema) (Deprecated)
Load balancer rule action
Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions.
Supported actions in HTTP_REQUEST_REWRITE phase are:
LBHttpRequestUriRewriteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestHeaderDeleteAction
LBVariableAssignmentAction
Supported actions in HTTP_FORWARDING phase are:
LBHttpRejectAction
LBHttpRedirectAction
LBSelectPoolAction
LBVariablePersistenceOnAction
LBConnectionDropAction
Supported actions in HTTP_RESPONSE_REWRITE phase are:
LBHttpResponseHeaderRewriteAction
LBHttpResponseHeaderDeleteAction
LBVariablePersistenceLearnAction
Supported actions in HTTP_ACCESS phase are:
LBJwtAuthAction
LBConnectionDropAction
LBVariableAssignmentAction
Supported actions in TRANSPORT phase are:
LBSslModeSelectionAction
LBSelectPoolAction
If the match type of an LBRuleCondition field is specified as REGEX and
named capturing groups are used in the specified regular expression, the
groups can be used as variables in LBRuleAction fields.
For example, define a rule with LBHttpRequestUriCondition as match
condition and LBHttpRequestUriRewriteAction as action. Set match_type field
of LBHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)".
Set uri field of LBHttpRequestUriRewriteAction to:
"/news/$year-$month/$article"
In uri field of LBHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LBHttpRequestUriRewriteAction.
For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring
"2017" is captured in variable $year, "06" is captured in variable $month,
and "xyz.html" is captured in variable $article. The
LBHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html"
A set of built-in variables can be used in LBRuleAction as well. The names
of built-in variables start with an underscore; the names of user-defined
variables are not allowed to start with an underscore.
Following are some of the built-in variables:
$_scheme: Reference the scheme part of matched HTTP messages, could be
"http" or "https".
$_host: Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https.
$_uri: The URI path, for example "/products/sample.html".
$_request_uri: Full original request URI with arguments, for example,
"/products/sample.html?a=b&c=d".
$_args: URI arguments, for instance "a=b&c=d"
$_is_args: "?" if a request has URI arguments, or an empty string
otherwise.
For the full list of built-in variables, please reference the NSX-T
Administrator's Guide.
This is an abstract type. Concrete child types:
LBConnectionDropAction
LBHttpRedirectAction
LBHttpRejectAction
LBHttpRequestHeaderDeleteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestUriRewriteAction
LBHttpResponseHeaderDeleteAction
LBHttpResponseHeaderRewriteAction
LBJwtAuthAction
LBSelectPoolAction
LBSslModeSelectionAction
LBVariableAssignmentAction
LBVariablePersistenceLearnAction
LBVariablePersistenceOnAction
Name | Description | Type | Notes |
---|---|---|---|
type | Type of load balancer rule action The property identifies the load balancer rule action type. | LBRuleActionType | Required |
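The capture-and-rewrite behaviour described above for LBHttpRequestUriCondition and LBHttpRequestUriRewriteAction, as an added example that is not NSX code. It checks a rule pair before deployment for variables that no capturing group defines and for group names that collide with the built-in underscore namespace, then replays the rewrite. Assumptions: Python's `re` stands in for the load balancer's regex engine, the pattern must match the whole URI path, and `lint_rewrite` and `simulate_rewrite` are hypothetical helper names.

```python
import re

# Values taken from the example in the LBRuleAction description.
CONDITION_URI = r"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
ACTION_URI = "/news/$year-$month/$article"

# "$name" references inside an action field.
VAR_REF = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")
# Named groups written as (?<name>...). Lookbehinds "(?<=" and "(?<!" do not
# match here because a group name cannot start with "=" or "!".
NAMED_GROUP = re.compile(r"\(\?<([A-Za-z_][A-Za-z0-9_]*)>")


def lint_rewrite(condition_uri, action_uri):
    """Return a list of problems in a REGEX condition / rewrite action pair."""
    problems = []
    defined = NAMED_GROUP.findall(condition_uri)
    for name in defined:
        # User-defined variables are not allowed to start with underscore.
        if name.startswith("_"):
            problems.append(f"group '{name}' uses the underscore prefix reserved for built-ins")
    for name in VAR_REF.findall(action_uri):
        # Underscore names are built-ins supplied by the load balancer.
        if not name.startswith("_") and name not in defined:
            problems.append(f"${name} is used in the action but no capturing group defines it")
    return problems


def simulate_rewrite(condition_uri, action_uri, request_uri, builtins=None):
    """Return the rewritten URI, or None when the condition does not match.

    Assumption: whole-path matching with Python's `re` as a stand-in engine.
    `builtins` maps built-in names (for example "_host") to sample values.
    """
    py_pattern = NAMED_GROUP.sub(r"(?P<\1>", condition_uri)  # (?<x> -> (?P<x>
    match = re.fullmatch(py_pattern, request_uri)
    if match is None:
        return None
    variables = dict(builtins or {})
    variables.update({k: v for k, v in match.groupdict().items() if v is not None})

    def expand(ref):
        name = ref.group(1)
        if name not in variables:
            raise KeyError(f"undefined variable ${name}")
        return variables[name]

    return VAR_REF.sub(expand, action_uri)
```
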
LBRuleActionType (schema) (Deprecated)
Types of load balancer rule actions
Types of load balancer rule actions.
Name | Description | Type | Notes |
---|---|---|---|
LBRuleActionType | Types of load balancer rule actions Types of load balancer rule actions. | string | Deprecated Enum: LBSelectPoolAction, LBHttpRequestUriRewriteAction, LBHttpRequestHeaderRewriteAction, LBHttpRejectAction, LBHttpRedirectAction, LBHttpResponseHeaderRewriteAction, LBHttpRequestHeaderDeleteAction, LBHttpResponseHeaderDeleteAction, LBVariableAssignmentAction, LBVariablePersistenceOnAction, LBVariablePersistenceLearnAction, LBJwtAuthAction, LBSslModeSelectionAction, LBConnectionDropAction |
LBRuleCondition (schema) (Deprecated)
Match condition of load balancer rule
Match conditions are used to match application traffic passing through
load balancers. Multiple match conditions can be specified in one load
balancer rule, each match condition defines a criterion for application
traffic.
If inverse field is set to true, the match result of the condition is
inverted.
If more than one match condition is specified, match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to be considered a match.
Currently only HTTP messages are supported by load balancer rules.
Each load balancer rule is used at a specific phase of load balancer
processing. Currently three phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match conditions in HTTP_FORWARDING phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
LBSslSniCondition
Supported match conditions in HTTP_RESPONSE_REWRITE phase are:
LBHttpResponseHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match conditions in HTTP_ACCESS phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in TRANSPORT phase is:
LBSslSniCondition
This is an abstract type. Concrete child types:
LBHttpRequestBodyCondition
LBHttpRequestCookieCondition
LBHttpRequestHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestUriCondition
LBHttpRequestVersionCondition
LBHttpResponseHeaderCondition
LBHttpSslCondition
LBIpHeaderCondition
LBSslSniCondition
LBTcpHeaderCondition
LBVariableCondition
Name | Description | Type | Notes |
---|---|---|---|
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
type | Type of load balancer rule condition | LBRuleConditionType | Required |
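The per-phase action and condition lists given under LBRuleAction and LBRuleCondition, turned into a pre-submission check for an LBRule body. This is an added example, not NSX code: `lint_lb_rule` is a hypothetical helper, the tables are transcribed from this page, and the sample rule (including its placeholder certificate path) is constructed.

```python
MAX_ITEMS = 60  # "Maximum items: 60" on both actions and match_conditions

ACTIONS_BY_PHASE = {
    "HTTP_REQUEST_REWRITE": {"LBHttpRequestUriRewriteAction", "LBHttpRequestHeaderRewriteAction",
                             "LBHttpRequestHeaderDeleteAction", "LBVariableAssignmentAction"},
    "HTTP_FORWARDING": {"LBHttpRejectAction", "LBHttpRedirectAction", "LBSelectPoolAction",
                        "LBVariablePersistenceOnAction", "LBConnectionDropAction"},
    "HTTP_RESPONSE_REWRITE": {"LBHttpResponseHeaderRewriteAction", "LBHttpResponseHeaderDeleteAction",
                              "LBVariablePersistenceLearnAction"},
    "HTTP_ACCESS": {"LBJwtAuthAction", "LBConnectionDropAction", "LBVariableAssignmentAction"},
    "TRANSPORT": {"LBSslModeSelectionAction", "LBSelectPoolAction"},
}

REQUEST_CONDITIONS = frozenset({
    "LBHttpRequestMethodCondition", "LBHttpRequestUriCondition",
    "LBHttpRequestUriArgumentsCondition", "LBHttpRequestVersionCondition",
    "LBHttpRequestHeaderCondition", "LBHttpRequestCookieCondition",
    "LBHttpRequestBodyCondition", "LBTcpHeaderCondition", "LBIpHeaderCondition",
    "LBVariableCondition", "LBHttpSslCondition",
})

CONDITIONS_BY_PHASE = {
    "HTTP_REQUEST_REWRITE": REQUEST_CONDITIONS,
    "HTTP_FORWARDING": REQUEST_CONDITIONS | {"LBSslSniCondition"},
    # Response phase: no request-body condition, plus the response-header one.
    "HTTP_RESPONSE_REWRITE": (REQUEST_CONDITIONS - {"LBHttpRequestBodyCondition"})
                             | {"LBHttpResponseHeaderCondition"},
    "HTTP_ACCESS": REQUEST_CONDITIONS,
    "TRANSPORT": frozenset({"LBSslSniCondition"}),
}

# Constructed sample: JWT access control in front of an API path.
JWT_RULE = {
    "phase": "HTTP_ACCESS",
    "match_strategy": "ALL",
    "match_conditions": [
        {"type": "LBHttpRequestUriCondition", "match_type": "REGEX", "uri": "/api/.*"},
    ],
    "actions": [
        {"type": "LBJwtAuthAction", "realm": "api",
         "key": {"type": "LBJwtCertificateKey", "certificate_path": "<certificate-path-placeholder>"}},
    ],
}


def _check_types(kind, items, table, phase):
    """Flag every item whose type is not listed for `phase` in `table`."""
    findings = []
    for item in items:
        item_type = item.get("type")
        if item_type in table[phase]:
            continue
        elsewhere = sorted(p for p, allowed in table.items() if item_type in allowed)
        hint = f" (supported in: {', '.join(elsewhere)})" if elsewhere else ""
        findings.append(f"{kind} {item_type} is not supported in {phase}{hint}")
    return findings


def lint_lb_rule(rule):
    """Return a list of findings for one LBRule body; an empty list means clean."""
    phase = rule.get("phase", "HTTP_FORWARDING")  # schema default
    if phase not in ACTIONS_BY_PHASE:
        return [f"unknown phase {phase!r}"]
    findings = []
    if "actions" not in rule:
        findings.append("actions is required")
    actions = rule.get("actions") or []
    conditions = rule.get("match_conditions") or []
    if len(actions) > MAX_ITEMS:
        findings.append(f"actions has more than {MAX_ITEMS} items")
    if len(conditions) > MAX_ITEMS:
        findings.append(f"match_conditions has more than {MAX_ITEMS} items")
    if phase == "HTTP_FORWARDING" and len(actions) > 1:
        findings.append("HTTP_FORWARDING rules can have only one action")
    findings += _check_types("action", actions, ACTIONS_BY_PHASE, phase)
    findings += _check_types("condition", conditions, CONDITIONS_BY_PHASE, phase)
    if rule.get("match_strategy", "ANY") not in ("ALL", "ANY"):
        findings.append("match_strategy must be ALL or ANY")
    return findings
```

A rule that carries LBJwtAuthAction in any phase other than HTTP_ACCESS is reported here before it is sent to the API.
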
LBRuleConditionType (schema) (Deprecated)
Type of load balancer rule match condition
Type of load balancer rule match condition.
Name | Description | Type | Notes |
---|---|---|---|
LBRuleConditionType | Type of load balancer rule match condition. | string | Deprecated Enum: LBHttpRequestUriCondition, LBHttpRequestHeaderCondition, LBHttpRequestMethodCondition, LBHttpRequestUriArgumentsCondition, LBHttpRequestVersionCondition, LBHttpRequestCookieCondition, LBHttpRequestBodyCondition, LBHttpResponseHeaderCondition, LBTcpHeaderCondition, LBIpHeaderCondition, LBVariableCondition, LBHttpSslCondition, LBSslSniCondition |
LBSelectPoolAction (schema) (Deprecated)
Action to select a pool for HTTP request messages
This action is used to select a pool for matched HTTP request messages. The
pool is specified by path. The matched HTTP request messages are forwarded
to the specified pool.
Name | Description | Type | Notes |
---|---|---|---|
pool_id | Path of load balancer pool. | string | Required |
type | Must be set to the value LBSelectPoolAction | LBRuleActionType | Required |
LBServerAuthType (schema) (Deprecated)
server authentication mode
Server authentication can be AUTO_APPLY, REQUIRED or IGNORE. It specifies
whether the server certificate presented to the load balancer during the
handshake is actually validated.
Validation is automatic by default when server_auth_ca_certificate_paths are
configured and is ignored when they are not configured.
If validation is REQUIRED, then to be accepted, the server certificate must be
signed by one of the trusted CAs whose self-signed certificates are
specified in the same server-side SSL profile binding.
Name | Description | Type | Notes |
---|---|---|---|
LBServerAuthType | Server authentication mode. Server authentication can be AUTO_APPLY, REQUIRED or IGNORE. It specifies whether the server certificate presented to the load balancer during the handshake is actually validated. Validation is automatic by default when server_auth_ca_certificate_paths are configured and is ignored when they are not configured. If validation is REQUIRED, then to be accepted, the server certificate must be signed by one of the trusted CAs whose self-signed certificates are specified in the same server-side SSL profile binding. | string | Deprecated Enum: REQUIRED, IGNORE, AUTO_APPLY |
LBServerSslProfile (schema) (Deprecated)
Server SSL profile
LBServerSslProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource. Children are not allowed for this type | |
cipher_group_label | Label of cipher group. It is a label of cipher group which is mostly consumed by GUI. | SslCipherGroup | |
ciphers | Supported SSL cipher list to client side. | array of SslCipher | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
is_fips | FIPS compliance of ciphers and protocols. This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols is not FIPS compliant. | boolean | Readonly |
is_secure | Secure/Insecure SSL profile flag. This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. | boolean | Readonly |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
protocols | Supported SSL protocol list to client side. SSL version TLS1.2 is supported and enabled. | array of SslProtocol | |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBServerSslProfile | string | |
session_cache_enabled | Session cache activate/deactivate flag. SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. | boolean | Default: "True" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
LBServerSslProfileBinding (schema) (Deprecated)
Server SSL profile binding
LBServerSslProfileBinding is deprecated as NSX-T Load Balancer is
deprecated.
Name | Description | Type | Notes |
---|---|---|---|
certificate_chain_depth | The maximum traversal depth of server certificate chain. Authentication depth is used to set the verification depth in the server certificates chain. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
client_certificate_path | Client certificate path. To support client authentication (load balancer acting as a client authenticating to the backend server), client certificate can be specified in the server-side SSL profile binding | string | |
server_auth | Server authentication mode. | LBServerAuthType | Default: "AUTO_APPLY" |
server_auth_ca_paths | CA path list to verify server certificate. If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self-signed certificates are specified. | array of string | |
server_auth_crl_paths | CRL path list to verify server certificate. A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates. | array of string | |
ssl_profile_path | Server SSL profile path. Server SSL profile defines reusable, application-independent server side SSL properties. | string | |
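The server_auth rules above decide whether the load balancer validates the backend certificate at all, which is easy to misread from a binding that simply omits fields. The following audit helper is an added example, not part of the NSX documentation: it resolves each binding to its effective validation state from the rules stated in LBServerAuthType and LBServerSslProfileBinding. The status labels, function names and sample bindings are constructed for illustration, and it assumes the server_auth_ca_certificate_paths named in the LBServerAuthType text is the binding's server_auth_ca_paths list.

```python
DEFAULT_SERVER_AUTH = "AUTO_APPLY"   # schema default for server_auth
DEFAULT_CHAIN_DEPTH = 3              # schema default for certificate_chain_depth
MAX_CHAIN_DEPTH = 2147483647         # schema maximum for certificate_chain_depth
SERVER_AUTH_MODES = ("REQUIRED", "IGNORE", "AUTO_APPLY")


def resolve_server_auth(binding):
    """Return (status, findings) for one LBServerSslProfileBinding dict.

    status is VALIDATED, NOT_VALIDATED or MISCONFIGURED. These labels are
    chosen for this example; they are not NSX values.
    """
    mode = binding.get("server_auth", DEFAULT_SERVER_AUTH)
    if mode not in SERVER_AUTH_MODES:
        raise ValueError("unknown server_auth value: %r" % (mode,))
    ca_paths = binding.get("server_auth_ca_paths") or []
    crl_paths = binding.get("server_auth_crl_paths") or []
    depth = binding.get("certificate_chain_depth", DEFAULT_CHAIN_DEPTH)
    findings = []

    if mode == "IGNORE":
        status = "NOT_VALIDATED"
        findings.append("server_auth is IGNORE: backend certificate is not validated")
        if ca_paths:
            findings.append("server_auth_ca_paths is set, but IGNORE skips validation")
    elif mode == "AUTO_APPLY" and not ca_paths:
        # The default mode silently degrades to no validation without CAs.
        status = "NOT_VALIDATED"
        findings.append("AUTO_APPLY without server_auth_ca_paths: validation is ignored")
    elif mode == "REQUIRED" and not ca_paths:
        # REQUIRED demands a signature from a listed CA, and none is listed.
        status = "MISCONFIGURED"
        findings.append("REQUIRED without server_auth_ca_paths: no trusted CA is listed")
    else:
        status = "VALIDATED"

    if status == "VALIDATED" and not crl_paths:
        findings.append("no server_auth_crl_paths: no CRL to disallow compromised certificates")
    if isinstance(depth, bool) or not isinstance(depth, int) \
            or not 1 <= depth <= MAX_CHAIN_DEPTH:
        findings.append("certificate_chain_depth %r is outside 1..%d"
                        % (depth, MAX_CHAIN_DEPTH))
    return status, findings


def audit(bindings):
    """Map each binding name to its (status, findings) tuple."""
    return {name: resolve_server_auth(b) for name, b in bindings.items()}


# Constructed sample bindings; every path below is a placeholder.
SAMPLE_BINDINGS = {
    "vs-default": {"ssl_profile_path": "/example/server-ssl-profile"},
    "vs-pinned": {
        "server_auth": "AUTO_APPLY",
        "server_auth_ca_paths": ["/example/ca-cert"],
        "server_auth_crl_paths": ["/example/crl"],
    },
    "vs-ignore": {
        "server_auth": "IGNORE",
        "server_auth_ca_paths": ["/example/ca-cert"],
    },
    "vs-required-empty": {"server_auth": "REQUIRED"},
    "vs-required-nocrl": {
        "server_auth": "REQUIRED",
        "server_auth_ca_paths": ["/example/ca-cert"],
        "certificate_chain_depth": 0,
    },
}

if __name__ == "__main__":
    for name, (status, findings) in audit(SAMPLE_BINDINGS).items():
        print(name, status)
        for finding in findings:
            print("   -", finding)
```

A binding that sets nothing resolves to NOT_VALIDATED, because the default AUTO_APPLY only validates when CA paths are present.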
LBServerSslProfileListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of load balancer server SSL profiles | array of LBServerSslProfile | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LBSessionCookieTime (schema) (Deprecated)
Session cookie time
Name | Description | Type | Notes |
---|---|---|---|
cookie_max_idle | Session cookie max idle time in seconds. Instead of using HTTP Cookie max-age and relying on client to expire the cookie, max idle time and/or max lifetime of the cookie can be used. Max idle time, if configured, specifies the maximum interval the cookie is valid for from the last time it was seen in a request. It is available for insert mode. | integer | Minimum: 1 Maximum: 2147483647 |
cookie_max_life | Session cookie max lifetime in seconds. Max life time, if configured, specifies the maximum interval the cookie is valid for from the first time the cookie was seen in a request. It is available for insert mode. | integer | Minimum: 1 Maximum: 2147483647 |
type | Must be set to the value LBSessionCookieTime | LBCookieTimeType | Required |
LBSnatAutoMap (schema) (Deprecated)
Snat auto map
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LBSnatAutoMap | LBSnatTranslationType | Required |
LBSnatIpElement (schema) (Deprecated)
Snat Ip element
Name | Description | Type | Notes |
---|---|---|---|
ip_address | IP address or IP range. IP address or IP range such as 1.1.1.1 or 1.1.1.101-1.1.1.160. | IPElement | Required |
prefix_length | Subnet prefix length. Subnet prefix length should not be specified if there is only one single IP address or IP range. | integer | |
LBSnatIpPool (schema) (Deprecated)
Snat Ip pool
Name | Description | Type | Notes |
---|---|---|---|
ip_addresses | List of IP address or IP range. If an IP range is specified, the range may contain no more than 64 IP addresses. | array of LBSnatIpElement | Required Maximum items: 64 |
type | Must be set to the value LBSnatIpPool | LBSnatTranslationType | Required |
LBSslModeSelectionAction (schema) (Deprecated)
Action to select SSL mode
This action is used to select SSL mode. Three types of SSL mode actions can
be specified in the TRANSPORT phase: SSL passthrough, SSL offloading and SSL
end-to-end.
Name | Description | Type | Notes |
---|---|---|---|
ssl_mode | Type of SSL mode. SSL Passthrough: LB establishes a TCP connection with client and another connection with selected backend server. LB won't inspect the stream data between client and backend server, but just passes it through. Backend server exchanges SSL connection with client. SSL Offloading: LB terminates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects to the selected backend server and talks with it via HTTP without SSL. LB establishes new connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. SSL End-to-End: LB terminates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects to the selected backend server and talks with it via HTTPS. LB establishes new SSL connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. | string | Required Enum: SSL_PASSTHROUGH, SSL_END_TO_END, SSL_OFFLOAD |
type | Must be set to the value LBSslModeSelectionAction | LBRuleActionType | Required |
LBSslProfile (schema) (Deprecated)
Load balancer abstract SSL profile
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource. Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object. Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBSslProfile | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
LBSslSniCondition (schema) (Deprecated)
Condition to match SSL SNI in client hello
This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for SNI comparing. If true, case is significant when comparing SNI value. | boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of SNI | LbRuleMatchType | Default: "REGEX" |
sni | The server name indication. The SNI (Server Name Indication) in the client hello message. | string | Required |
type | Must be set to the value LBSslSniCondition | LBRuleConditionType | Required |
LBTcpHeaderCondition (schema) (Deprecated)
Condition to match TCP header fields
This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.
Name | Description | Type | Notes |
---|---|---|---|
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
source_port | TCP source port of HTTP message | PortElement | Required |
type | Must be set to the value LBTcpHeaderCondition | LBRuleConditionType | Required |
LBTcpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over TCP
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the
LBRule object. This represents active health monitoring over TCP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member
will the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring
the member back to UP state. If a healthcheck does not complete within a
certain period after it is initiated, it is also considered
unsuccessful. Completing a
healthcheck within timeout means establishing a connection (TCP or SSL),
if applicable, sending the request and receiving the response, all within
the configured timeout.
LBTcpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree. Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource. Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
fall_count | Monitor fall count for active healthchecks. Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | Monitor interval in seconds for active healthchecks. Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
marked_for_delete | Indicates whether the intent object is marked for deletion. Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
monitor_port | Monitor port for active healthchecks. Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. | int | Minimum: 0 Maximum: 65535 |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object. This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object. Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object. This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent | string | Readonly |
path | Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent. This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
receive | Expected data received from server. Expected data, if specified, can be anywhere in the response and it has to be a string, regular expressions are not supported. | string | |
relative_path | Relative path of this object. Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBTcpMonitorProfile | LBMonitorProfileType | Required |
rise_count | Monitor rise count for active healthchecks. Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
send | Data to send. If both send and receive are not specified, then just a TCP connection is established (3-way handshake) to validate server is healthy, no data is sent. | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Monitor timeout in seconds for active healthchecks. Timeout specified in seconds. If a healthcheck does not complete within a certain period after it is initiated, it is also considered unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
unique_id | A unique identifier assigned by the system. This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
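The fall_count, rise_count and timeout rules described for LBTcpMonitorProfile form a small state machine with hysteresis. The sketch below is an added example, not NSX code: it replays a constructed sequence of healthcheck results to show when a member changes state. The class and function names are hypothetical, and it assumes a member starts UP and that a check finishing exactly at the timeout still counts as completed, neither of which the page states.

```python
from dataclasses import dataclass


@dataclass
class MemberMonitor:
    fall_count: int = 3   # schema default
    rise_count: int = 3   # schema default
    timeout: int = 5      # schema default, in seconds
    status: str = "UP"    # assumption: the page does not give the initial status
    streak: int = 0       # consecutive results that contradict the current status

    def record(self, completed, elapsed):
        """Feed one healthcheck result and return the member status after it.

        completed: connection, send and receive all succeeded.
        elapsed:   seconds the whole check took; a check that overruns the
                   timeout is unsuccessful even if it eventually completed.
        """
        ok = completed and elapsed <= self.timeout
        if ok == (self.status == "UP"):
            # The result agrees with the current status, so any run of
            # contradicting results is broken and must start again.
            self.streak = 0
            return self.status
        self.streak += 1
        needed = self.fall_count if self.status == "UP" else self.rise_count
        if self.streak >= needed:
            self.status = "DOWN" if self.status == "UP" else "UP"
            self.streak = 0
        return self.status


def replay(checks, **settings):
    """Return the status after each (completed, elapsed) result in checks."""
    monitor = MemberMonitor(**settings)
    return [monitor.record(completed, elapsed) for completed, elapsed in checks]


# Constructed results: (completed, elapsed seconds).
CONSTRUCTED_CHECKS = [
    (False, 0.1), (False, 0.1),                # two failures: below fall_count
    (True, 0.2),                               # success resets the failure run
    (False, 0.1), (False, 0.1), (False, 0.1),  # three in a row: member goes DOWN
    (True, 0.2), (True, 0.2),                  # two successes: below rise_count
    (True, 6.0),                               # completed, but past the 5 s timeout
    (True, 0.2), (True, 0.2), (True, 0.2),     # three in a row: member goes UP
]

if __name__ == "__main__":
    for result, status in zip(CONSTRUCTED_CHECKS, replay(CONSTRUCTED_CHECKS)):
        print(result, "->", status)
```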
LBUdpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over UDP
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over UDP. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. If a healthcheck does not complete within a certain period after it
is initiated, it is also considered
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBUdpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. | int | Minimum: 0 Maximum: 65535 |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
receive | Expected data received from server Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period. | string | Required |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
resource_type | Must be set to the value LBUdpMonitorProfile | LBMonitorProfileType | Required |
rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
send | Data to send The data to be sent to the monitored server. | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
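The fall_count, rise_count, timeout and receive semantics described for LBUdpMonitorProfile can be modelled as a small state machine. This is an added example, not code from the NSX documentation or product; the `UdpMonitor`, `Probe`, `probe_ok` and `track` names and the sample probes are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

INT_MAX = 2147483647  # upper bound given in the schema table


@dataclass
class UdpMonitor:
    """Subset of LBUdpMonitorProfile fields with the documented defaults."""
    send: str
    receive: str
    fall_count: int = 3
    rise_count: int = 3
    interval: int = 5
    timeout: int = 5
    monitor_port: Optional[int] = None

    def validate(self) -> List[str]:
        """Check the ranges and required fields listed in the schema table."""
        errors = []
        for name in ("fall_count", "rise_count", "interval", "timeout"):
            value = getattr(self, name)
            if not 1 <= value <= INT_MAX:
                errors.append(f"{name} must be between 1 and {INT_MAX}")
        if self.monitor_port is not None and not 0 <= self.monitor_port <= 65535:
            errors.append("monitor_port must be between 0 and 65535")
        if not self.send:
            errors.append("send is required")
        if not self.receive:
            errors.append("receive is required")
        return errors


@dataclass
class Probe:
    """One healthcheck outcome (hypothetical record type)."""
    response: Optional[str]  # None means no reply from the member
    elapsed: float           # seconds from start of the check to the reply


def probe_ok(monitor: UdpMonitor, probe: Probe) -> bool:
    """A check passes only if a reply arrived within timeout and contains
    the expected data anywhere in it. The match is a literal substring:
    the schema states regular expressions are not supported."""
    if probe.response is None or probe.elapsed > monitor.timeout:
        return False
    return monitor.receive in probe.response


def track(monitor: UdpMonitor, probes: List[Probe], state: str = "UP") -> List[str]:
    """Return the member state after each probe.

    fall_count consecutive failures move UP -> DOWN;
    rise_count consecutive successes move DOWN -> UP.
    A single opposite result resets the running count.
    """
    fails = passes = 0
    history = []
    for probe in probes:
        if probe_ok(monitor, probe):
            passes, fails = passes + 1, 0
            if state == "DOWN" and passes >= monitor.rise_count:
                state = "UP"
        else:
            fails, passes = fails + 1, 0
            if state == "UP" and fails >= monitor.fall_count:
                state = "DOWN"
        history.append(state)
    return history


# Constructed sample data, not captured from a real deployment.
SAMPLE_MONITOR = UdpMonitor(send="PING", receive="PONG", fall_count=3, rise_count=2)
SAMPLE_PROBES = [
    Probe("xxPONGxx", 0.1),  # pass: expected data found inside the reply
    Probe("PONG", 6.0),      # fail: reply arrived after the 5 s timeout
    Probe(None, 5.0),        # fail: no server response
    Probe("PONG", 1.0),      # pass: resets the failure streak
    Probe("NOPE", 1.0),      # fail: reply lacks the expected data
    Probe(None, 5.0),        # fail
    Probe("PONG", 5.5),      # fail: third consecutive failure -> DOWN
    Probe("PONG", 1.0),      # pass: one success is not enough (rise_count=2)
    Probe("PONG", 1.0),      # pass: second consecutive success -> UP
]

if __name__ == "__main__":
    for probe, state in zip(SAMPLE_PROBES, track(SAMPLE_MONITOR, SAMPLE_PROBES)):
        print(probe, "->", state)
```

The two isolated failures after the first probe do not mark the member DOWN, which is why an intermittently failing member can stay in rotation when fall_count is set high.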
LBVariableAssignmentAction (schema) (Deprecated)
Action to create variable and assign value to it
This action is used to create a new variable and assign value to it.
One action can be used to create one variable. To create multiple
variables, multiple actions must be defined.
The variables can be used by LBVariableCondition, etc.
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LBVariableAssignmentAction | LBRuleActionType | Required |
variable_name | Name of the variable to be assigned Name of the variable to be assigned. | string | Required |
variable_value | Value of variable Value of variable. | string | Required |
LBVariableCondition (schema) (Deprecated)
Condition to match IP header fields
This condition is used to match variable's name and value at all
phases. The variables could be captured from REGEX or assigned by
LBVariableAssignmentAction or system embedded variable. variable_name
and variable_value should be matched at the same time.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for variable value comparing If true, case is significant when comparing variable value. | boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of variable value | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LBVariableCondition | LBRuleConditionType | Required |
variable_name | Name of the variable to be matched | string | Required |
variable_value | Value of variable to be matched | string | Required |
LBVariablePersistenceLearnAction (schema) (Deprecated)
Action to learn the variable value
This action is performed in HTTP response rewrite phase. It is used to
learn the value of variable from the HTTP response, and insert an entry
into the persistence table if the entry doesn't exist.
Name | Description | Type | Notes |
---|---|---|---|
persistence_profile_path | Path to LBPersistenceProfile If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. | string | |
type | Must be set to the value LBVariablePersistenceLearnAction | LBRuleActionType | Required |
variable_hash_enabled | Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key. | boolean | Default: "False" |
variable_name | Variable name The property is the name of variable to be learnt. It is used to identify which variable's value is learnt from HTTP response. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. | string | Required |
LBVariablePersistenceOnAction (schema) (Deprecated)
Action to persist the variable value
This action is performed in HTTP forwarding phase. It is used to inspect
the variable of HTTP request, and look up the persistence entry with its
value and pool uuid as key.
If the persistence entry is found, the HTTP request is forwarded to the
recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the
table after backend server is selected.
Name | Description | Type | Notes |
---|---|---|---|
persistence_profile_path | Path to LBPersistenceProfile If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. | string | |
type | Must be set to the value LBVariablePersistenceOnAction | LBRuleActionType | Required |
variable_hash_enabled | Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key. | boolean | Default: "False" |
variable_name | Variable name The property is the name of variable to be used. It specifies which variable's value of a HTTP Request will be used in the key of persistence entry. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. | string | Required |
LBXForwardedForType (schema) (Deprecated)
X-forwarded-for type
X-forwarded-for type.
Name | Description | Type | Notes |
---|---|---|---|
LBXForwardedForType | X-forwarded-for type X-forwarded-for type. | string | Deprecated Enum: INSERT, REPLACE |
Lag (schema) (Deprecated)
LACP group
Name | Description | Type | Notes |
---|---|---|---|
id | unique id | string | Readonly |
load_balance_algorithm | LACP load balance Algorithm | string | Required Enum: SRCMAC, DESTMAC, SRCDESTMAC, SRCDESTIPVLAN, SRCDESTMACIPPORT |
mode | LACP group mode | string | Required Enum: ACTIVE, PASSIVE |
name | Lag name | string | Required |
number_of_uplinks | number of uplinks | int | Required Minimum: 2 Maximum: 32 |
timeout_type | LACP timeout type | string | Enum: SLOW, FAST Default: "SLOW" |
uplinks | uplink names | array of Uplink | Readonly Maximum items: 32 |
LbActiveMonitor (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
fall_count | num of consecutive checks must fail before marking it down | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | the frequency at which the system issues the monitor check (in second) | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
monitor_port | port which is used for healthcheck If the monitor port is specified, it would override pool member port setting for healthcheck. A port range is not supported. For ICMP monitor, monitor_port is not required. | PortElement | |
resource_type | Must be set to the value LbActiveMonitor | MonitorType | Required |
rise_count | num of consecutive checks must pass before marking it up | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | the number of seconds the target has in which to respond to the monitor request | integer | Minimum: 1 Maximum: 2147483647 Default: "15" |
LbClientCertificateIssuerDnCondition (schema) (Deprecated)
Match condition for client certificate issuer DN
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for issuer DN comparing If true, case is significant when comparing issuer DN value. | boolean | Default: "True" |
issuer_dn | Value of issuer DN Value of issuer DN. The format should follow RFC 2253. | string | Required |
match_type | Match type of issuer DN | LbRuleMatchType | Default: "REGEX" |
LbClientCertificateSubjectDnCondition (schema) (Deprecated)
Match condition for client certificate subject DN
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for subject DN comparing If true, case is significant when comparing subject DN value. | boolean | Default: "True" |
match_type | Match type of subject DN | LbRuleMatchType | Default: "REGEX" |
subject_dn | Value of subject DN Value of subject DN. The format should follow RFC 2253. | string | Required |
LbClientSslProfile (schema) (Deprecated)
The object is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
cipher_group_label | Label of cipher group It is a label of cipher group which is mostly consumed by GUI. | SslCipherGroup | |
ciphers | supported SSL cipher list to client side | array of SslCipher | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
is_fips | FIPS compliance of ciphers and protocols This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols is not FIPS compliant. | boolean | Readonly |
is_secure | Secure/Insecure SSL profile flag This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. | boolean | Readonly |
prefer_server_ciphers | prefer server ciphers flag During SSL handshake as part of the SSL client Hello client sends an ordered list of ciphers that it can support (or prefers) and typically server selects the first one from the top of that list it can also support. For Perfect Forward Secrecy (PFS), server could override the client's preference. | boolean | Default: "True" |
protocols | supported SSL protocol list to client side Only TLS 1.2 is supported and enabled. | array of SslProtocol | |
resource_type | Must be set to the value LbClientSslProfile | string | |
session_cache_enabled | session cache enable/disable flag SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. | boolean | Default: "True" |
session_cache_timeout | SSL session cache timeout value Session cache timeout specifies how long the SSL session parameters are held on to and can be reused. | integer | Minimum: 1 Maximum: 86400 Default: "300" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LbClientSslProfileListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | paginated list of load balancer client SSL profiles | array of LbClientSslProfile | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LbConnectionDropAction (schema) (Deprecated)
Action to drop connections
This action is used to drop the connections. There is no extra property in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING phase.
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LbConnectionDropAction | LbRuleActionType | Required |
LbCookiePersistenceProfile (schema) (Deprecated)
The object is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
cookie_domain | cookie domain HTTP cookie domain could be configured, only available for insert mode. | string | |
cookie_fallback | cookie persistence fallback If fallback is true, once the cookie points to a server that is down (i.e. admin state DISABLED or healthcheck state is DOWN), then a new server is selected by default to handle that request. If fallback is false, it will cause the request to be rejected if cookie points to a server | boolean | Default: "True" |
cookie_garble | cookie persistence garble If garble is set to true, cookie value (server IP and port) would be encrypted. If garble is set to false, cookie value would be plain text. | boolean | Default: "True" |
cookie_httponly | Cookie httponly flag If cookie httponly flag is true, it prevents a script running in the browser from accessing the cookie. Only available for insert mode. | boolean | Default: "False" |
cookie_mode | cookie persistence mode | CookiePersistenceModeType | Default: "INSERT" |
cookie_name | cookie name | string | Required |
cookie_path | cookie path HTTP cookie path could be set, only available for insert mode. | string | |
cookie_secure | Cookie secure flag If cookie secure flag is true, it prevents the browser from sending a cookie over http. The cookie is sent only over https. Only available for insert mode. | boolean | Default: "False" |
cookie_time | cookie time setting Both session cookie and persistence cookie are supported, if not specified, it's a session cookie. It expires when the browser is closed. | LbCookieTime (Abstract type: pass one of the following concrete types) LbPersistenceCookieTime LbSessionCookieTime | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
persistence_shared | Persistence shared flag The persistence shared flag identifies whether the persistence table is shared among virtual-servers referring this profile. If persistence shared flag is not set in the cookie persistence profile bound to a virtual server, it defaults to cookie persistence that is private to each virtual server and is qualified by the pool. This is accomplished by load balancer inserting a cookie with name in the format <name>.<virtual_server_id>.<pool_id>. If persistence shared flag is set in the cookie persistence profile, in cookie insert mode, cookie persistence could be shared across multiple virtual servers that are bound to the same pools. The cookie name would be changed to <name>.<profile-id>.<pool-id>. If persistence shared flag is not set in the sourceIp persistence profile bound to a virtual server, each virtual server that the profile is bound to maintains its own private persistence table. If persistence shared flag is set in the sourceIp persistence profile, all virtual servers the profile is bound to share the same persistence table. If persistence shared flag is not set in the generic persistence profile, the persistence entries are matched and stored in the table which is identified using both virtual server ID and profile ID. If persistence shared flag is set in the generic persistence profile, the persistence entries are matched and stored in the table which is identified using profile ID. It means that virtual servers which consume the same profile in the LbRule with this flag enabled are sharing the same persistence table. | boolean | Default: "False" |
resource_type | Must be set to the value LbCookiePersistenceProfile | PersistenceProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
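The documented defaults for LbCookiePersistenceProfile leave cookie_secure and cookie_httponly off, and LbClientSslProfile exposes a read-only is_secure flag, so both are worth checking when reviewing a deployment that still uses these deprecated objects. The audit below is an added example, not code from the NSX documentation or product; the function names, finding texts and sample profiles are assumptions, and the input is taken to be the JSON body of a profile as described by the tables above.

```python
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (field name, why it matters)

# Defaults taken from the LbCookiePersistenceProfile table on this page.
COOKIE_DEFAULTS = {
    "cookie_mode": "INSERT",
    "cookie_garble": True,
    "cookie_httponly": False,
    "cookie_secure": False,
}


def audit_cookie_profile(profile: Dict) -> List[Finding]:
    """Flag weak settings, applying documented defaults to omitted fields."""
    effective = {**COOKIE_DEFAULTS, **profile}
    findings: List[Finding] = []
    if not effective["cookie_garble"]:
        findings.append(("cookie_garble",
                         "cookie value (server IP and port) is sent as plain text"))
    # The secure and httponly flags are only available in insert mode.
    if effective["cookie_mode"] == "INSERT":
        if not effective["cookie_secure"]:
            findings.append(("cookie_secure",
                             "browser may send the persistence cookie over http"))
        if not effective["cookie_httponly"]:
            findings.append(("cookie_httponly",
                             "scripts running in the browser can read the cookie"))
    return findings


def audit_client_ssl_profile(profile: Dict) -> List[Finding]:
    """Report the server-computed is_secure flag when it is false."""
    findings: List[Finding] = []
    if profile.get("is_secure") is False:
        findings.append(("is_secure",
                         "at least one configured cipher or protocol is insecure"))
    return findings


AUDITORS = {
    "LbCookiePersistenceProfile": audit_cookie_profile,
    "LbClientSslProfile": audit_client_ssl_profile,
}


def audit(profile: Dict) -> List[Finding]:
    """Dispatch on resource_type; unknown types are rejected, not ignored."""
    resource_type = profile.get("resource_type")
    if resource_type not in AUDITORS:
        raise ValueError(f"no audit rules for resource_type {resource_type!r}")
    return AUDITORS[resource_type](profile)


# Constructed sample profiles; ids and names are placeholders.
SAMPLE_PROFILES = [
    {"resource_type": "LbCookiePersistenceProfile", "id": "example-default",
     "cookie_name": "lbsession"},
    {"resource_type": "LbCookiePersistenceProfile", "id": "example-hardened",
     "cookie_name": "lbsession", "cookie_secure": True, "cookie_httponly": True},
    {"resource_type": "LbCookiePersistenceProfile", "id": "example-plain",
     "cookie_name": "lbsession", "cookie_garble": False,
     "cookie_secure": True, "cookie_httponly": True},
    {"resource_type": "LbClientSslProfile", "id": "example-ssl",
     "is_secure": False, "is_fips": False},
]


def report(profiles: List[Dict]) -> Dict[str, List[str]]:
    """Map each profile id to the names of the fields that were flagged."""
    return {p["id"]: [field for field, _ in audit(p)] for p in profiles}


if __name__ == "__main__":
    for profile_id, fields in report(SAMPLE_PROFILES).items():
        print(profile_id, "->", fields or "no findings")
```

A profile created with only cookie_name set is flagged on both cookie_secure and cookie_httponly, because those are the documented defaults.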
LbCookieTime (schema) (Deprecated)
This is an abstract type. Concrete child types:
LbPersistenceCookieTime
LbSessionCookieTime
Name | Description | Type | Notes |
---|---|---|---|
type | | CookieTimeType | Required |
LbEdgeNodeUsage (schema) (Deprecated)
The load balancer usage for an edge node
The capacity contains basic information and load balancer entity usages
and capacity for the given edge node.
Name | Description | Type | Notes |
---|---|---|---|
current_credit_number | Current credit number The current credit number reflects the current usage on the node. For example, configuring a medium load balancer on a node consumes 10 credits. If there are 2 medium instances configured on a node, the current credit number is 2 * 10 = 20. | integer | Readonly |
current_large_load_balancer_services | The current number of large load balancer services The number of large load balancer services configured on the node. | integer | Readonly |
current_medium_load_balancer_services | The current number of medium load balancer services The number of medium load balancer services configured on the node. | integer | Readonly |
current_pool_members | The current number of pool members The number of pool members configured on the node. | integer | Readonly |
current_pools | The current number of pools The number of pools configured on the node. | integer | Readonly |
current_small_load_balancer_services | The current number of small load balancer services The number of small load balancer services configured on the node. | integer | Readonly |
current_virtual_servers | The current number of virtual servers The number of virtual servers configured on the node. | integer | Readonly |
current_xlarge_load_balancer_services | The current number of xlarge load balancer services The number of xlarge load balancer services configured on the node. | integer | Readonly |
edge_cluster_id | The ID of edge cluster The ID of edge cluster which contains the edge node. | string | Readonly |
form_factor | The form factor of the given edge node The form factor of the given edge node. | string | Readonly Enum: SMALL_VIRTUAL_MACHINE, MEDIUM_VIRTUAL_MACHINE, LARGE_VIRTUAL_MACHINE, XLARGE_VIRTUAL_MACHINE, PHYSICAL_MACHINE |
node_id | The UUID of the node for load balancer node usage The property identifies the node UUID for load balancer node usage. | string | Required |
remaining_credit_number | Remaining credit number The remaining credit number is the remaining credits that can be used for load balancer service configuration. For example, an edge node with form factor LARGE_VIRTUAL_MACHINE has 40 credits, and a medium load balancer instance costs 10 credits. If there are currently 3 medium instances configured, the remaining credit number is 40 - (3 * 10) = 10. | integer | Readonly |
remaining_large_load_balancer_services | The remaining number of large load balancer services The remaining number of large load balancer services which could be configured on the given edge node. | integer | Readonly |
remaining_medium_load_balancer_services | The remaining number of medium load balancer services The remaining number of medium load balancer services which could be configured on the given edge node. | integer | Readonly |
remaining_pool_members | The remaining number of pool members The remaining number of pool members which could be configured on the given edge node. | integer | Readonly |
remaining_small_load_balancer_services | The remaining number of small load balancer services The remaining number of small load balancer services which could be configured on the given edge node. | integer | Readonly |
remaining_xlarge_load_balancer_services | The remaining number of xlarge load balancer services The remaining number of xlarge load balancer services which could be configured on the given edge node. | integer | Readonly |
severity | LB usage severity The severity calculation is based on current credit usage percentage of load balancer for one node. | LbUsageSeverity | Readonly |
type | Must be set to the value LbEdgeNodeUsage | LbNodeUsageType | Required |
usage_percentage | Usage percentage The usage percentage of the edge node for load balancer. The value is the larger value between load balancer credit usage percentage and pool member usage percentage for the edge node. | number | Readonly |
LbGenericPersistenceProfile (schema) (Deprecated)
LB generic persistence profile
The profile is used to define the persistence entry expiration time,
mirroring enabled flag to synchronize persistence entries, persistence
shared flag for the associated virtual servers. The profile cannot be
attached to virtual server directly, it can be only consumed by LB rule
action. In HTTP forwarding phase, LBVariablePersistenceOnAction can be
used to consume LbGenericPersistenceProfile. In HTTP response rewriting
phase, LBVariablePersistenceLearnAction is used instead.
The object is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
ha_persistence_mirroring_enabled | Mirroring enabled flag. The mirroring enabled flag is to synchronize persistence entries. Persistence entries are not synchronized to the HA peer by default. | boolean | Default: "False" |
id | Unique identifier of this resource | string | Sortable |
persistence_shared | Persistence shared flag. The persistence shared flag identifies whether the persistence table is shared among virtual-servers referring this profile. If persistence shared flag is not set in the cookie persistence profile bound to a virtual server, it defaults to cookie persistence that is private to each virtual server and is qualified by the pool. This is accomplished by load balancer inserting a cookie with name in the format <name>.<virtual_server_id>.<pool_id>. If persistence shared flag is set in the cookie persistence profile, in cookie insert mode, cookie persistence could be shared across multiple virtual servers that are bound to the same pools. The cookie name would be changed to <name>.<profile-id>.<pool-id>. If persistence shared flag is not set in the sourceIp persistence profile bound to a virtual server, each virtual server that the profile is bound to maintains its own private persistence table. If persistence shared flag is set in the sourceIp persistence profile, all virtual servers the profile is bound to share the same persistence table. If persistence shared flag is not set in the generic persistence profile, the persistence entries are matched and stored in the table which is identified using both virtual server ID and profile ID. If persistence shared flag is set in the generic persistence profile, the persistence entries are matched and stored in the table which is identified using profile ID. It means that virtual servers which consume the same profile in the LbRule with this flag enabled are sharing the same persistence table. | boolean | Default: "False" |
resource_type | Must be set to the value LbGenericPersistenceProfile | PersistenceProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Persistence entry expiration time in seconds. When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. | integer | Minimum: 1 Maximum: 2147483647 Default: "300" |
LbHttpMonitor (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
fall_count | Number of consecutive checks that must fail before marking it down | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | The frequency at which the system issues the monitor check (in seconds) | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
monitor_port | Port which is used for healthcheck. If the monitor port is specified, it would override pool member port setting for healthcheck. A port range is not supported. For ICMP monitor, monitor_port is not required. | PortElement | |
request_body | String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. | string | |
request_headers | Array of HTTP request headers | array of LbHttpRequestHeader | |
request_method | the health check method for HTTP monitor type | HttpRequestMethodType | Default: "GET" |
request_url | URL used for HTTP monitor | string | |
request_version | HTTP request version | HttpRequestVersionType | Default: "HTTP_VERSION_1_1" |
resource_type | Must be set to the value LbHttpMonitor | MonitorType | Required |
response_body | Response body to match. If HTTP response body match string (regular expressions not supported) is specified (using LbHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. | string | |
response_status_codes | Array of single HTTP response status codes. The HTTP response status code should be a valid HTTP status code. | array of int | Maximum items: 64 |
rise_count | Number of consecutive checks that must pass before marking it up | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | the number of seconds the target has in which to respond to the monitor request | integer | Minimum: 1 Maximum: 2147483647 Default: "15" |
LbHttpProfile (schema) (Deprecated)
The object is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
http_redirect_to | HTTP redirect static URL. If a website is temporarily down or has moved, incoming requests for that virtual server can be temporarily redirected to a URL. | string | |
http_redirect_to_https | Flag to indicate whether to enable HTTP-HTTPS redirect. Certain secure applications may want to force communication over SSL, but instead of rejecting non-SSL connections, they may choose to redirect the client automatically to use SSL. | boolean | Default: "False" |
id | Unique identifier of this resource | string | Sortable |
idle_timeout | HTTP application idle timeout in seconds. It specifies how long the load balancer will keep the connection idle to wait for the client to send the next keep-alive request. It is not a TCP socket setting. | integer | Minimum: 1 Maximum: 5400 Default: "15" |
ntlm | NTLM support flag. NTLM is an authentication protocol that can be used over HTTP. If the flag is set to true, LB will use NTLM challenge/response methodology. This property is deprecated. Please use the property server_keep_alive in order to keep the backend server connection alive for the client connection. When creating a new profile, if ntlm and server_keep_alive are set to different values, an error is reported. When updating an existing profile, if either the ntlm or the server_keep_alive value is changed, both of them are updated with the changed value. | boolean | Deprecated |
request_body_size | Maximum size of the buffer used to store HTTP request body. If it is not specified, it means that request body size is unlimited. | integer | Minimum: 1 Maximum: 2147483647 |
request_header_size | Maximum size of the buffer used to store HTTP request headers. A request with header equal to or below this size is guaranteed to be processed. A request with header larger than request_header_size will be processed up to 32K bytes on best effort basis. | integer | Minimum: 1 Default: "1024" |
resource_type | Must be set to the value LbHttpProfile | ApplicationProfileType | Required |
response_buffering | Enable or disable buffering of responses. When buffering is disabled, the response is passed to a client synchronously, immediately as it is received. When buffering is enabled, LB receives a response from the backend server as soon as possible, saving it into the buffers. | boolean | Default: "False" |
response_header_size | Maximum size of the buffer used to store HTTP response headers. A response with header larger than response_header_size will be dropped. | integer | Minimum: 1 Maximum: 65536 Default: "4096" |
response_timeout | Maximum server idle time in seconds. If server doesn't send any packet within this time, the connection is closed. | integer | Minimum: 1 Maximum: 2147483647 Default: "60" |
server_keep_alive | Server keep-alive flag. If server_keep_alive is true, it means the backend connection will keep alive for the client connection. Every client connection is tied 1:1 with the corresponding server-side connection. If server_keep_alive is false, it means the backend connection won't keep alive for the client connection. The default value is false. If server_keep_alive is not specified for API input, its value in API output will be the same as the property ntlm. | boolean | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
x_forwarded_for | Insert or replace x_forwarded_for. When X-Forwarded-For is configured, X-Forwarded-Proto and X-Forwarded-Port information is added automatically. The two additional headers can also be modified or deleted in load balancer rules. | XForwardedForType | |
LbHttpRedirectAction (schema) (Deprecated)
Action to redirect HTTP request messages
This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
the HTTP response message which is sent back to the client (normally a browser).
The HTTP status code for redirection is 3xx, for example, 301, 302, 303,
307, etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally the browser will send another HTTP request to the new
URL after receiving a redirection response message.
Captured variables and built-in variables can be used in the redirect_url field.
For example, to redirect all HTTP requests to HTTPS requests for a virtual
server, create an LbRule without any conditions and add an
LbHttpRedirectAction to the rule. Set the
redirect_url field of the LbHttpRedirectAction to:
https://$_host$_request_uri
And set redirect_status to "302", which means "Found". This rule will
redirect all HTTP requests to the HTTPS server port on the same host.
Name | Description | Type | Notes |
---|---|---|---|
redirect_status | HTTP response status code | string | Required |
redirect_url | The URL that the HTTP request is redirected to | string | Required |
type | Must be set to the value LbHttpRedirectAction | LbRuleActionType | Required |
LbHttpRejectAction (schema) (Deprecated)
Action to reject HTTP request messages
This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LbHttpRejectAction does not support variables.
Name | Description | Type | Notes |
---|---|---|---|
reply_message | Response message | string | |
reply_status | HTTP response status code | string | Required |
type | Must be set to the value LbHttpRejectAction | LbRuleActionType | Required |
LbHttpRequestBodyCondition (schema) (Deprecated)
Condition to match content of HTTP request message body
This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body.
The match_type field defines how body_value field is used to match the body
of HTTP requests.
Name | Description | Type | Notes |
---|---|---|---|
body_value | HTTP request body | string | Required |
case_sensitive | A case sensitive flag for HTTP body comparing. If true, case is significant when comparing HTTP body value. | boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of HTTP body | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LbHttpRequestBodyCondition | LbRuleConditionType | Required |
LbHttpRequestCookieCondition (schema) (Deprecated)
Condition to match HTTP request cookie
This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for cookie value comparing. If true, case is significant when comparing cookie value. | boolean | Default: "True" |
cookie_name | Name of cookie | string | Required |
cookie_value | Value of cookie | string | Required |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of cookie value | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LbHttpRequestCookieCondition | LbRuleConditionType | Required |
LbHttpRequestHeader (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of HTTP request header | string | Required |
header_value | Value of HTTP request header | string | Required |
LbHttpRequestHeaderCondition (schema) (Deprecated)
Condition to match HTTP request header
This condition is used to match HTTP request messages by HTTP header
fields. HTTP header fields are components of the header section of HTTP
request and response messages. They define the operating parameters of an
HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
requests. The header_name field does not support match types.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for HTTP header value comparing. If true, case is significant when comparing HTTP header value. | boolean | Default: "True" |
header_name | Name of HTTP header | string | Required |
header_value | Value of HTTP header | string | Required |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of HTTP header value | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LbHttpRequestHeaderCondition | LbRuleConditionType | Required |
LbHttpRequestHeaderDeleteAction (schema) (Deprecated)
Action to delete HTTP request header fields
This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of a header field of HTTP request message | string | Required |
type | Must be set to the value LbHttpRequestHeaderDeleteAction | LbRuleActionType | Required |
LbHttpRequestHeaderRewriteAction (schema) (Deprecated)
Action to rewrite header fields of HTTP request messages.
This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of HTTP request header | string | Required |
header_value | Value of HTTP request header | string | Required |
type | Must be set to the value LbHttpRequestHeaderRewriteAction | LbRuleActionType | Required |
LbHttpRequestMethodCondition (schema) (Deprecated)
Condition to match method of HTTP request messages
This condition is used to match the method of HTTP requests. If the method of an
HTTP request is the same as the method specified in this condition, the HTTP
request matches this condition. For example, if the method field is set to
GET in this condition, any HTTP request with GET method matches the
condition.
Name | Description | Type | Notes |
---|---|---|---|
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
method | Type of HTTP request method | HttpRequestMethodType | Required |
type | Must be set to the value LbHttpRequestMethodCondition | LbRuleConditionType | Required |
LbHttpRequestUriArgumentsCondition (schema) (Deprecated)
Condition to match URI arguments of HTTP requests
This condition is used to match the URI arguments, also known as the query
string, of HTTP request messages. For example, in the URI
http://example.com?foo=1&bar=2, "foo=1&bar=2" is the query string containing
the URI arguments. In a URI, the query string is indicated by the first
question mark ("?") character and terminated by a number sign ("#")
character or by the end of the URI.
The uri_arguments field can be specified as a regular expression (set
match_type to REGEX). For example, "foo=(?<x>\d+)" matches HTTP
requests whose URI arguments contain "foo" where the value of foo contains
only digits. The value of foo is captured as $x, which can be used in
LbRuleAction fields which support variables.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for URI arguments comparing. If true, case is significant when comparing URI arguments. | boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of URI arguments | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LbHttpRequestUriArgumentsCondition | LbRuleConditionType | Required |
uri_arguments | URI arguments. URI arguments, aka query string of URI. | string | Required |
LbHttpRequestUriCondition (schema) (Deprecated)
Condition to match URIs of HTTP request messages
This condition is used to match URIs (Uniform Resource Identifiers) of HTTP
request messages. The URI field can be specified as a regular expression.
If an HTTP request message is requesting a URI which matches the specified
regular expression, it matches the condition.
The syntax of a whole URI looks like this:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of the entire URI.
When match_type field is specified as REGEX, the uri field is used as a
regular expression to match URI path of HTTP requests. For example, to
match any URI that has "/image/" or "/images/", uri field can be specified
as: "/image[s]?/".
Named capturing groups can be used in the uri field to capture substrings
of matched URIs and store them in variables for use in LbRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
If the URI path is /articles/news/2017/06/xyz.html, then substring "2017"
is captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then
be used in an LbRuleAction field which supports variables, such as uri
field of LbHttpRequestUriRewriteAction. For example, set the uri field
of LbHttpRequestUriRewriteAction as:
"/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for URI comparing. If true, case is significant when comparing URI. | boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of URI | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LbHttpRequestUriCondition | LbRuleConditionType | Required |
uri | A string used to identify resource | string | Required |
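
The URI-arguments and URI-path matching described above, emulated as an added example (not VMware's code and not part of the original reference): it applies a REGEX condition to the path or the query string only, collects named captures, substitutes them into an LbHttpRequestUriRewriteAction, and reports action variables that no condition captures. The function names, the `_`-prefix rule for built-in variables and the handling of inverted conditions and unknown variables are assumptions.

```javascript
// Added illustration: emulates the matching and variable rules described above
// with the JavaScript regex engine, which accepts the same (?<name>...) syntax.
// It is not the load balancer's matcher; engine edge cases may differ.

const ARGS_TYPE = "LbHttpRequestUriArgumentsCondition";
const VARIABLE = /\$([A-Za-z_][A-Za-z0-9_]*)/g; // $name reference in an action field

// The query string starts at the first "?" and ends at "#" or the end of the URI.
function splitTarget(target) {
  const hash = target.indexOf("#");
  const noFragment = hash === -1 ? target : target.slice(0, hash);
  const q = noFragment.indexOf("?");
  return q === -1
    ? { path: noFragment, query: "" }
    : { path: noFragment.slice(0, q), query: noFragment.slice(q + 1) };
}

// The regular expression carried by a URI or URI-arguments condition.
function patternOf(cond) {
  const pattern = cond.type === ARGS_TYPE ? cond.uri_arguments : cond.uri;
  if (typeof pattern !== "string") throw new Error("condition has no pattern");
  return pattern;
}

// Evaluate one condition against a request target. Only match_type REGEX
// (the documented default) is emulated.
function evaluate(cond, target) {
  const { path, query } = splitTarget(target);
  const subject = cond.type === ARGS_TYPE ? query : path; // URI condition: path only
  const flags = cond.case_sensitive === false ? "i" : "";  // default is case sensitive
  const m = new RegExp(patternOf(cond), flags).exec(subject); // unanchored search
  const vars = {};
  for (const [name, value] of Object.entries((m && m.groups) || {})) {
    if (value !== undefined) vars[name] = value; // skip groups that did not participate
  }
  // Assumption: an inverted condition exposes no captured variables.
  return cond.inverse ? { matched: m === null, vars: {} } : { matched: m !== null, vars };
}

// Substitute $name references with captured values. An unknown name is an error
// here (assumption: the page does not say what the load balancer does).
function expand(template, vars) {
  return template.replace(VARIABLE, (ref, name) => {
    if (!Object.prototype.hasOwnProperty.call(vars, name)) {
      throw new Error("undefined variable " + ref);
    }
    return vars[name];
  });
}

// Apply an LbHttpRequestUriRewriteAction: uri replaces the path, uri_arguments
// (when set) replaces the query. query is null when the action leaves it unset.
function rewrite(action, vars) {
  const hasArgs = typeof action.uri_arguments === "string";
  return {
    path: expand(action.uri, vars),
    query: hasArgs ? expand(action.uri_arguments, vars) : null,
  };
}

// Pre-deployment check: variables an action references that no condition can
// capture. Assumption: names starting with "_" are built-ins (the page shows
// $_host and $_request_uri) and are not reported.
function undefinedVariables(conditions, action) {
  const known = new Set();
  for (const cond of conditions) {
    if (cond.inverse) continue;
    for (const m of patternOf(cond).matchAll(/\(\?<([A-Za-z_][A-Za-z0-9_]*)>/g)) {
      known.add(m[1]);
    }
  }
  const used = [action.uri, action.uri_arguments || ""].flatMap((t) =>
    [...t.matchAll(VARIABLE)].map((m) => m[1]));
  return [...new Set(used)].filter((n) => !n.startsWith("_") && !known.has(n));
}

// The page's own example values.
const NEWS_CONDITION = {
  type: "LbHttpRequestUriCondition",
  uri: "/news/(?<year>\\d+)/(?<month>\\d+)/(?<article>.*)",
};
const NEWS_REWRITE = {
  type: "LbHttpRequestUriRewriteAction",
  uri: "/articles/news/$year-$month-$article",
};

const demo = evaluate(NEWS_CONDITION, "/articles/news/2017/06/xyz.html");
console.log(rewrite(NEWS_REWRITE, demo.vars).path);
```

In this emulation the pattern `foo=(?<x>\d+)` also matches `foo=12abc` and captures `12`, because the search is unanchored. A pattern such as `(?:^|&)foo=(?<x>\d+)(?:&|$)` accepts the argument only when its whole value is digits.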
LbHttpRequestUriRewriteAction (schema) (Deprecated)
Action to rewrite HTTP request URIs.
This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this action to rewrite the
matched HTTP request message's URI and URI arguments to the new values.
The full URI of an HTTP message has the following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
The uri field of this action is used to rewrite the /path part in the above
scheme, and the uri_arguments field is used to rewrite the query part.
Captured variables and built-in variables can be used in the uri and
uri_arguments fields.
Check the example in LbRuleAction to see how to use variables in this
action.
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LbHttpRequestUriRewriteAction | LbRuleActionType | Required |
uri | URI of HTTP request | string | Required |
uri_arguments | URI arguments. Query string of URI, typically contains key value pairs, for example: foo1=bar1&foo2=bar2 | string | |
LbHttpRequestVersionCondition (schema) (Deprecated)
Condition to match HTTP protocol version of HTTP requests
This condition is used to match the HTTP protocol version of the HTTP
request messages.
Name | Description | Type | Notes |
---|---|---|---|
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
type | Must be set to the value LbHttpRequestVersionCondition | LbRuleConditionType | Required |
version | HTTP version | HttpRequestVersionType | Required |
LbHttpResponseHeaderCondition (schema) (Deprecated)
Condition to match a header field of HTTP response
This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization,
User-Agent, etc. One condition can be used to match one header field, to
match multiple header fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for HTTP header value comparing. If true, case is significant when comparing HTTP header value. | boolean | Default: "True" |
header_name | Name of HTTP header field | string | Required |
header_value | Value of HTTP header field | string | Required |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of HTTP header value | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LbHttpResponseHeaderCondition | LbRuleConditionType | Required |
LbHttpResponseHeaderDeleteAction (schema) (Deprecated)
Action to delete HTTP response header fields
This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of a header field of HTTP response message | string | Required |
type | Must be set to the value LbHttpResponseHeaderDeleteAction | LbRuleActionType | Required |
LbHttpResponseHeaderRewriteAction (schema) (Deprecated)
Action to rewrite HTTP response header fields
This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.
Name | Description | Type | Notes |
---|---|---|---|
header_name | Name of a header field of HTTP request message | string | Required |
header_value | Value of header field | string | Required |
type | Must be set to the value LbHttpResponseHeaderRewriteAction | LbRuleActionType | Required |
LbHttpSslCondition (schema) (Deprecated)
Condition to match SSL handshake and SSL connection
This condition is used to match SSL handshake and SSL connection at
all phases. If multiple properties are configured, the rule is considered
a match when all the configured properties are matched.
Name | Description | Type | Notes |
---|---|---|---|
client_certificate_issuer_dn | The issuer DN match condition of the client certificate. The issuer DN match condition of the client certificate for an established SSL connection. | LbClientCertificateIssuerDnCondition | |
client_certificate_subject_dn | The subject DN match condition of the client certificate. The subject DN match condition of the client certificate for an established SSL connection. | LbClientCertificateSubjectDnCondition | |
client_supported_ssl_ciphers | Cipher list supported by the client | array of SslCipher | |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
session_reused | The type of SSL session reused | LbSslSessionReusedType | Default: "IGNORE" |
type | Must be set to the value LbHttpSslCondition | LbRuleConditionType | Required |
used_protocol | Protocol of an established SSL connection | SslProtocol | |
used_ssl_cipher | Cipher used for an established SSL connection | SslCipher | |
LbHttpsMonitor (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
certificate_chain_depth | The maximum traversal depth of server certificate chain. Authentication depth is used to set the verification depth in the server certificate chain. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
cipher_group_label | Label of cipher group. It is a label of cipher group which is mostly consumed by GUI. | SslCipherGroup | |
ciphers | Supported SSL cipher list to servers | array of SslCipher | |
client_certificate_id | Client certificate identifier. Client certificate can be specified to support client authentication. | string | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
fall_count | Number of consecutive checks that must fail before marking it down | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | The frequency at which the system issues the monitor check (in seconds) | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
is_fips | FIPS compliance of ciphers and protocols. This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols is not FIPS compliant. | boolean | Readonly |
is_secure | Secure/Insecure monitor flag. This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. | boolean | Readonly |
monitor_port | Port which is used for healthcheck. If the monitor port is specified, it would override pool member port setting for healthcheck. A port range is not supported. For ICMP monitor, monitor_port is not required. | PortElement | |
protocols | Supported SSL protocol list to servers. SSL version TLS1.2 is supported and enabled. | array of SslProtocol | |
request_body | String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. | string | |
request_headers | Array of HTTP request headers | array of LbHttpRequestHeader | |
request_method | the health check method for HTTP monitor type | HttpRequestMethodType | Default: "GET" |
request_url | URL used for HTTP monitor | string | |
request_version | HTTP request version | HttpRequestVersionType | Default: "HTTP_VERSION_1_1" |
resource_type | Must be set to the value LbHttpsMonitor | MonitorType | Required |
response_body | Response body to match. If an HTTP response body match string (regular expressions not supported) is specified (using LbHttpMonitor.response_body), then the healthcheck HTTP response body is matched against the specified string and the server is considered healthy only if there is a match. If the response body string is not specified, the HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. | string | |
response_status_codes | Array of single HTTP response status codes. The HTTP response status code should be a valid HTTP status code. | array of int | Maximum items: 64 |
rise_count | Number of consecutive checks that must pass before marking it up | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
server_auth | server authentication mode | ServerAuthType | Default: "IGNORE" |
server_auth_ca_ids | CA identifier list to verify server certificate. If server auth type is REQUIRED, the server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self-signed certificates are specified. | array of string | |
server_auth_crl_ids | CRL identifier list to verify server certificate. A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates. | array of string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | the number of seconds the target has in which to respond to the monitor request | integer | Minimum: 1 Maximum: 2147483647 Default: "15" |
LbIcmpMonitor (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
data_length | The data size (in bytes) of the ICMP healthcheck packet | integer | Minimum: 0 Maximum: 65507 Default: "56" |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
fall_count | Number of consecutive checks that must fail before marking it down | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | The frequency at which the system issues the monitor check (in seconds) | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
monitor_port | Port which is used for healthcheck. If the monitor port is specified, it would override pool member port setting for healthcheck. A port range is not supported. For ICMP monitor, monitor_port is not required. | PortElement | |
resource_type | Must be set to the value LbIcmpMonitor | MonitorType | Required |
rise_count | Number of consecutive checks that must pass before marking it up | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | the number of seconds the target has in which to respond to the monitor request | integer | Minimum: 1 Maximum: 2147483647 Default: "15" |
LbIpHeaderCondition (schema) (Deprecated)
Condition to match IP header fields
This condition is used to match IP header fields of HTTP messages.
Either source_address or group_id should be specified.
Name | Description | Type | Notes |
---|---|---|---|
group_id | Grouping object identifier. Source IP address of HTTP message should match IP addresses which are configured in Group in order to perform actions. | string | |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
source_address | Source IP address of HTTP message. IP Address can be expressed as a single IP address like 10.1.1.1, or a range of IP addresses like 10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported. | IPElement | |
type | Must be set to the value LbIpHeaderCondition | LbRuleConditionType | Required |
LbJwtAuthAction (schema) (Deprecated)
Action to control access using JWT authentication
This action is used to control access to backend server resources using
JSON Web Token (JWT) authentication. The JWT authentication is done before
any HTTP manipulation if the HTTP request matches the given condition in
LbRule. If any verification fails, HTTP processing is terminated, and an
HTTP response with 401 status code and WWW-Authentication header is
returned to the client.
Name | Description | Type | Notes |
---|---|---|---|
key | LbJwtKey used for verifying the signature of JWT token. Keys are used for verifying the signature of the JWT token. In the current version, only symmetric (HMAC SHA256) keys and asymmetric (RS256) keys are supported. The key is optional; if no key is specified, the JWT signature is not verified. | LbJwtKey (Abstract type: pass one of the following concrete types) LbJwtCertificateKey LbJwtPublicKey LbJwtSymmetricKey | |
pass_jwt_to_pool | Whether to pass the JWT to backend server or remove it. Specify whether to pass the JWT to the backend server or remove it. By default, it is false, which means the JWT is not passed to backend servers. | boolean | Default: "False" |
realm | JWT realm. A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when a client request is rejected with 401 HTTP status. In the response, it will be "WWW-Authentication: Bearer realm=<realm>". | string | |
tokens | JWT tokens. JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. The load balancer searches for each specified token, one by one, for the JWT message until one is found. This parameter is optional. If none is found or this field is not configured, the load balancer by default searches the Bearer header in the HTTP request, "Authorization: Bearer <token>". | array of string | |
type | Must be set to the value LbJwtAuthAction | LbRuleActionType | Required |
LbJwtCertificateKey (schema) (Deprecated)
Specifies certificate used to verify the signature of JWT tokens
The key is used to specify certificate which is used to verify the
signature of JWT tokens.
Name | Description | Type | Notes |
---|---|---|---|
certificate_id | Certificate identifier | string | Required |
type | Must be set to the value LbJwtCertificateKey | LbJwtKeyType | Required |
LbJwtKey (schema) (Deprecated)
Load balancer JWT key
LbJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
This is an abstract type. Concrete child types:
LbJwtCertificateKey
LbJwtPublicKey
LbJwtSymmetricKey
Name | Description | Type | Notes |
---|---|---|---|
type | Type of load balancer JWT key. The property is used to identify JWT key type. | LbJwtKeyType | Required |
LbJwtKeyType (schema) (Deprecated)
Type of load balancer JWT key
It is used to identify JWT key type.
Name | Description | Type | Notes |
---|---|---|---|
LbJwtKeyType | Type of load balancer JWT key. It is used to identify JWT key type. | string | Deprecated Enum: LbJwtCertificateKey, LbJwtSymmetricKey, LbJwtPublicKey |
LbJwtPublicKey (schema) (Deprecated)
Specifies public key content used to verify the signature of JWT tokens
The key is used to specify the public key content which is used to verify
the signature of JWT tokens.
Name | Description | Type | Notes |
---|---|---|---|
public_key_content | Content of public key | string | Required |
type | Must be set to the value LbJwtPublicKey | LbJwtKeyType | Required |
LbJwtSymmetricKey (schema) (Deprecated)
Specifies the symmetric key used to verify the signature of JWT tokens
The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LbJwtSymmetricKey | LbJwtKeyType | Required |
LbMonitor (schema) (Deprecated)
The object is deprecated as NSX-T Load Balancer is deprecated.
This is an abstract type. Concrete child types:
LbHttpMonitor
LbHttpsMonitor
LbIcmpMonitor
LbPassiveMonitor
LbTcpMonitor
LbUdpMonitor
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
resource_type | Must be set to the value LbMonitor | MonitorType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LbMonitorListRequestParameters (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
included_fields | Comma separated list of fields that should be included in query result. Note: this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
type | Load balancer monitor type. Specify this type parameter to retrieve a list of load balancer monitors of specified type. | MonitorQueryType | |
LbMonitorListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of load balancer monitors | array of LbMonitor (Abstract type: pass one of the following concrete types) LbHttpMonitor LbHttpsMonitor LbIcmpMonitor LbPassiveMonitor LbTcpMonitor LbUdpMonitor | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LbNodeCountPerSeverity (schema) (Deprecated)
The node count for specific severity
The node count for specific load balancer usage severity.
Name | Description | Type | Notes |
---|---|---|---|
node_count | Node count for specific severity. | integer | Readonly |
severity | LB usage severity. The severity calculation is based on credit usage percentage of load balancer for one node. | LbUsageSeverity | Readonly |
LbNodeUsage (schema) (Deprecated)
Node usage for load balancer
Node usage for load balancer contains basic information and LB entity
usages and capacity for the given node.
This is an abstract type. Concrete child types:
LbEdgeNodeUsage
Name | Description | Type | Notes |
---|---|---|---|
node_id | The UUID of the node for load balancer node usage. The property identifies the node UUID for load balancer node usage. | string | Required |
type | Type of load balancer node usage. The property identifies the load balancer node usage type. | LbNodeUsageType | Required |
LbNodeUsageSummary (schema) (Deprecated)
Lb node usage summary for all nodes
The load balancer node usage summary for all nodes. Only EdgeNode is
supported. The summary calculation is based on all edge nodes
configured in edge clusters.
Name | Description | Type | Notes |
---|---|---|---|
current_credit_number | Current credit number. The current credit number reflects the overall credit usage for all nodes. | integer | Readonly |
current_pool_members | The current number of pool members. The overall number of pool members configured on all nodes. | integer | Readonly |
node_counts | Array of node count for each severity. The property identifies array of node count for each severity (RED, ORANGE and GREEN). | array of LbNodeCountPerSeverity | Readonly |
node_usages | Array of lb node usages. The property contains lb node usages for each node. | array of LbNodeUsage (Abstract type: pass one of the following concrete types) LbEdgeNodeUsage | Readonly |
remaining_credit_number | Remaining credit number. The remaining credit number is the overall remaining credits that can be used for load balancer service configuration for all nodes. | integer | Readonly |
remaining_pool_members | The remaining number of pool members. The overall remaining number of pool members which could be configured on all nodes. | integer | Readonly |
severity | LB usage severity. The severity calculation is based on current credit usage percentage of load balancer for all nodes. | LbUsageSeverity | Readonly |
usage_percentage | Usage percentage. The overall usage percentage of all nodes for load balancer. The value is the larger value between overall pool member usage percentage and overall load balancer credit usage percentage. | number | Readonly |
LbNodeUsageSummaryRequestParameters (schema) (Deprecated)
Load balancer node usage summary request parameters
Load balancer node usage summary request parameters.
Name | Description | Type | Notes |
---|---|---|---|
include_usages | Whether to include node usages. Specify whether to include node usages in response. By default, it is false, which means node usages are not included in LbNodeUsageSummary response. | boolean | |
LbNodeUsageType (schema) (Deprecated)
Node type for load balancer node usage
The node type for load balancer node usage.
Name | Description | Type | Notes |
---|---|---|---|
LbNodeUsageType | Node type for load balancer node usage. The node type for load balancer node usage. | string | Deprecated Enum: LbEdgeNodeUsage |
LbPassiveMonitor (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
max_fails | Number of consecutive connection failures. When the consecutive failures reach this value, the member is considered temporarily unavailable for a configurable period. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
resource_type | Must be set to the value LbPassiveMonitor | MonitorType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | Timeout in seconds before it is selected again for a new connection. After this timeout period, the member is tried again for a new connection to see if it is available. | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
LbPersistenceCookieTime (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
cookie_max_idle | Persistence cookie max idle time in seconds. HTTP cookie max-age to expire cookie, only available for insert mode. | integer | Required Minimum: 1 Maximum: 2147483647 |
type | Must be set to the value LbPersistenceCookieTime | CookieTimeType | Required |
LbRule (schema) (Deprecated)
Load balancer rules
Load balancer rules allow customization of load balancing behavior using
match/action rules. Currently, load balancer rules are supported for only
layer 7 virtual servers with application profile LbHttpProfile.
Each application rule consists of one or more match conditions and one or
more actions.
Load balancer rules could be used by different load balancer services.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
actions | Actions to be executed. A list of actions to be executed at specified phase when load balancer rule matches. The actions are used to manipulate application traffic, such as rewrite URI of HTTP messages, redirect HTTP messages, etc. | array of LbRuleAction (Abstract type: pass one of the following concrete types) LbConnectionDropAction LbHttpRedirectAction LbHttpRejectAction LbHttpRequestHeaderDeleteAction LbHttpRequestHeaderRewriteAction LbHttpRequestUriRewriteAction LbHttpResponseHeaderDeleteAction LbHttpResponseHeaderRewriteAction LbJwtAuthAction LbSelectPoolAction LbSslModeSelectionAction LbVariableAssignmentAction LbVariablePersistenceLearnAction LbVariablePersistenceOnAction | Required Maximum items: 60 |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
match_conditions | Conditions to match application traffic. A list of match conditions used to match application traffic. Multiple match conditions can be specified in one load balancer rule; each match condition defines a criterion to match application traffic. If no match conditions are specified, then the load balancer rule will always match, and it is typically used to define default rules. If more than one match condition is specified, then the match strategy determines if all conditions should match or any one condition should match for the load balancer rule to be considered a match. | array of LbRuleCondition (Abstract type: pass one of the following concrete types) LbHttpRequestBodyCondition LbHttpRequestCookieCondition LbHttpRequestHeaderCondition LbHttpRequestMethodCondition LbHttpRequestUriArgumentsCondition LbHttpRequestUriCondition LbHttpRequestVersionCondition LbHttpResponseHeaderCondition LbHttpSslCondition LbIpHeaderCondition LbSslSniCondition LbTcpHeaderCondition LbVariableCondition | Maximum items: 60 |
match_strategy | Strategy to match multiple conditions. Strategy to define how a load balancer rule is considered a match when multiple match conditions are specified in one rule. If match_strategy is set to ALL, then the load balancer rule is considered a match only if all the conditions match. If match_strategy is set to ANY, then the load balancer rule is considered a match if any one of the conditions matches. | string | Required Enum: ALL, ANY |
phase | Load balancer processing phase. Each load balancer rule is used at a specific phase of load balancer processing. Currently five phases are supported: HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT. When an HTTP request message is received by the load balancer, all HTTP_REQUEST_REWRITE rules, if present, are executed in the order they are applied to the virtual server. Then, if HTTP_FORWARDING rules are present, only the first matching rule's action is executed; the remaining rules are not checked. HTTP_FORWARDING rules can have only one action. If the request is forwarded to a backend server and the response goes back to the load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed in the order they are applied to the virtual server. In the HTTP_ACCESS phase, the user can define an action to control access using JWT authentication. In the TRANSPORT phase, the user can define the condition to match SNI in the TLS client hello and define the action to do SSL end-to-end, SSL offloading or SSL passthrough using a specific load balancer server pool. | string | Required Enum: HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS, TRANSPORT |
resource_type | Must be set to the value LbRule | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
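A pre-deployment check for LbRule payloads, as an added example (not part of the NSX API or of this reference). It validates each action against the per-phase lists given in the LbRuleAction description, enforces the single-action limit for HTTP_FORWARDING, and flags an LbJwtAuthAction with no key, the case in which the JWT signature is not verified. The function names and the sample rules are constructed for illustration.

```python
# Per-phase action lists, copied from the LbRuleAction description on this page.
ACTIONS_BY_PHASE = {
    "HTTP_REQUEST_REWRITE": {
        "LbHttpRequestUriRewriteAction", "LbHttpRequestHeaderRewriteAction",
        "LbHttpRequestHeaderDeleteAction", "LbVariableAssignmentAction"},
    "HTTP_FORWARDING": {
        "LbHttpRejectAction", "LbHttpRedirectAction", "LbSelectPoolAction",
        "LbVariablePersistenceOnAction", "LbConnectionDropAction"},
    "HTTP_RESPONSE_REWRITE": {
        "LbHttpResponseHeaderRewriteAction", "LbHttpResponseHeaderDeleteAction",
        "LbVariablePersistenceLearnAction"},
    "HTTP_ACCESS": {
        "LbJwtAuthAction", "LbConnectionDropAction", "LbVariableAssignmentAction"},
    "TRANSPORT": {"LbSslModeSelectionAction", "LbSelectPoolAction"},
}

# Required field per concrete LbJwtKey type, as listed in the key schemas.
JWT_KEY_REQUIRED_FIELD = {
    "LbJwtCertificateKey": "certificate_id",
    "LbJwtPublicKey": "public_key_content",
    "LbJwtSymmetricKey": None,  # the page lists no field besides type
}


def lint_jwt_action(action):
    """Check one LbJwtAuthAction dict; return a list of finding strings."""
    findings = []
    key = action.get("key")
    if not key:
        findings.append("LbJwtAuthAction has no key: the JWT signature is not verified")
    else:
        key_type = key.get("type")
        if key_type not in JWT_KEY_REQUIRED_FIELD:
            findings.append("unknown LbJwtKey type %r" % (key_type,))
        else:
            field = JWT_KEY_REQUIRED_FIELD[key_type]
            if field and not key.get(field):
                findings.append("%s is missing required field %s" % (key_type, field))
    if action.get("pass_jwt_to_pool", False):
        findings.append("note: pass_jwt_to_pool is true, pool members receive the token")
    return findings


def lint_rule(rule):
    """Check one LbRule dict against the constraints stated on this page."""
    phase = rule.get("phase")
    allowed = ACTIONS_BY_PHASE.get(phase)
    if allowed is None:
        return ["unknown phase %r" % (phase,)]
    findings = []
    actions = rule.get("actions") or []
    if not actions:
        findings.append("actions is required")
    if len(actions) > 60:
        findings.append("actions is limited to 60 items")
    if len(rule.get("match_conditions") or []) > 60:
        findings.append("match_conditions is limited to 60 items")
    if rule.get("match_strategy") not in ("ALL", "ANY"):
        findings.append("match_strategy must be ALL or ANY")
    if phase == "HTTP_FORWARDING" and len(actions) > 1:
        findings.append("HTTP_FORWARDING rules can have only one action")
    for action in actions:
        kind = action.get("type")
        if kind not in allowed:
            findings.append("%s is not a supported action in phase %s" % (kind, phase))
        if kind == "LbJwtAuthAction":
            findings.extend(lint_jwt_action(action))
    return findings


def lint_rules(rules):
    """Map each rule id to its findings."""
    return {rule.get("id"): lint_rule(rule) for rule in rules}


# Constructed sample payloads; fields the checks do not read are omitted.
SAMPLE_RULES = [
    {"id": "api-auth-nokey", "phase": "HTTP_ACCESS", "match_strategy": "ALL",
     "match_conditions": [{"type": "LbHttpRequestUriCondition",
                           "match_type": "REGEX", "uri": "/api/.*"}],
     "actions": [{"type": "LbJwtAuthAction", "realm": "api"}]},
    {"id": "forward-mixed", "phase": "HTTP_FORWARDING", "match_strategy": "ANY",
     "actions": [{"type": "LbSelectPoolAction"},
                 {"type": "LbJwtAuthAction", "key": {"type": "LbJwtCertificateKey"}}]},
    {"id": "api-auth-ok", "phase": "HTTP_ACCESS", "match_strategy": "ALL",
     "actions": [{"type": "LbJwtAuthAction",
                  "key": {"type": "LbJwtPublicKey",
                          "public_key_content": "<PEM public key placeholder>"}}]},
]

if __name__ == "__main__":
    for rule_id, findings in lint_rules(SAMPLE_RULES).items():
        print(rule_id, "->", findings or "ok")
```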
LbRuleAction (schema) (Deprecated)
Load balancer rule action
Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions.
Supported actions in HTTP_REQUEST_REWRITE phase are:
LbHttpRequestUriRewriteAction
LbHttpRequestHeaderRewriteAction
LbHttpRequestHeaderDeleteAction
LbVariableAssignmentAction
Supported actions in HTTP_FORWARDING phase are:
LbHttpRejectAction
LbHttpRedirectAction
LbSelectPoolAction
LbVariablePersistenceOnAction
LbConnectionDropAction
Supported actions in HTTP_RESPONSE_REWRITE phase are:
LbHttpResponseHeaderRewriteAction
LbHttpResponseHeaderDeleteAction
LbVariablePersistenceLearnAction
Supported actions in HTTP_ACCESS phase are:
LbJwtAuthAction
LbConnectionDropAction
LbVariableAssignmentAction
Supported actions in TRANSPORT phase are:
LbSslModeSelectionAction
LbSelectPoolAction
If the match type of an LbRuleCondition field is specified as REGEX and
named capturing groups are used in the specified regular expression, the
groups can be used as variables in LbRuleAction fields.
For example, define a rule with LbHttpRequestUriCondition as match
condition and LbHttpRequestUriRewriteAction as action. Set match_type field
of LbHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)".
Set uri field of LbHttpRequestUriRewriteAction to:
"/news/$year-$month/$article"
In uri field of LbHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LbHttpRequestUriRewriteAction.
For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring
"2017" is captured in variable $year, "06" is captured in variable $month,
and "xyz.html" is captured in variable $article. The
LbHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html"
A set of built-in variables can be used in LbRuleAction as well. The names
of built-in variables start with an underscore; the names of user-defined
variables are not allowed to start with an underscore.
Following are some of the built-in variables:
$_scheme: The scheme part of matched HTTP messages, either "http" or "https".
$_host: Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI; it is also the port of the server which accepted a request. Default port is 80 for http and 443 for https.
$_uri: The URI path, for example "/products/sample.html".
$_request_uri: Full original request URI with arguments, for example "/products/sample.html?a=b&c=d".
$_args: URI arguments, for instance "a=b&c=d".
$_is_args: "?" if a request has URI arguments, or an empty string otherwise.
For the full list of built-in variables, refer to the NSX-T
Administrator's Guide.
This is an abstract type. Concrete child types:
LbConnectionDropAction
LbHttpRedirectAction
LbHttpRejectAction
LbHttpRequestHeaderDeleteAction
LbHttpRequestHeaderRewriteAction
LbHttpRequestUriRewriteAction
LbHttpResponseHeaderDeleteAction
LbHttpResponseHeaderRewriteAction
LbJwtAuthAction
LbSelectPoolAction
LbSslModeSelectionAction
LbVariableAssignmentAction
LbVariablePersistenceLearnAction
LbVariablePersistenceOnAction
Name | Description | Type | Notes |
---|---|---|---|
type | Type of load balancer rule action. The property identifies the load balancer rule action type. | LbRuleActionType | Required |
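The named-capture rewrite described above, worked through as an added example (not NSX code or part of this reference). It assumes the pattern must match the whole URI path and converts the page's (?<name>...) syntax to Python's (?P<name>...); the function names and STRICT_PATTERN are constructed for illustration. The second request shows that `.*` in the article group also captures slashes and dot segments, which a tighter character class rejects.

```python
import re

# The page writes named groups as (?<name>...); Python's re module spells
# them (?P<name>...). Lookbehinds, (?<= and (?<!, are left untouched.
_NAMED_GROUP = re.compile(r"\(\?<(?![=!])(\w+)>")
_VARIABLE = re.compile(r"\$(\w+)")

# Pattern and rewrite target quoted on the page.
PAGE_PATTERN = r"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
PAGE_ACTION = "/news/$year-$month/$article"
# Constructed variant: the article may not contain further path segments.
STRICT_PATTERN = r"/news/(?<year>\d+)/(?<month>\d+)/(?<article>[^/]+)"


def compile_condition(uri_pattern):
    """Compile a REGEX uri pattern; reject user variables starting with '_'."""
    reserved = [n for n in _NAMED_GROUP.findall(uri_pattern) if n.startswith("_")]
    if reserved:
        raise ValueError("user-defined variables must not start with '_': "
                         + ", ".join(reserved))
    return re.compile(_NAMED_GROUP.sub(r"(?P<\1>", uri_pattern))


def builtin_variables(scheme, host, request_uri, server_port=None):
    """Build the built-in variables the page lists, for one request."""
    path, _, args = request_uri.partition("?")
    if server_port is None:
        server_port = 443 if scheme == "https" else 80
    return {
        "_scheme": scheme,
        "_host": host,
        "_server_port": str(server_port),
        "_uri": path,
        "_request_uri": request_uri,
        "_args": args,
        "_is_args": "?" if args else "",
    }


def rewrite_uri(condition, action_uri, scheme, host, request_uri):
    """Return the rewritten URI, or None when the condition does not match."""
    variables = builtin_variables(scheme, host, request_uri)
    match = condition.fullmatch(variables["_uri"])  # assumption: whole-path match
    if match is None:
        return None
    # Groups that did not participate in the match become empty strings.
    variables.update({k: v or "" for k, v in match.groupdict().items()})

    def substitute(m):
        name = m.group(1)
        if name not in variables:
            raise KeyError("undefined variable $" + name)
        return variables[name]

    return _VARIABLE.sub(substitute, action_uri)


if __name__ == "__main__":
    loose = compile_condition(PAGE_PATTERN)
    strict = compile_condition(STRICT_PATTERN)
    # The second URI is constructed to show what the article group accepts.
    for uri in ("/news/2017/06/xyz.html", "/news/2017/06/a/../../private"):
        print(uri)
        print("  loose :", rewrite_uri(loose, PAGE_ACTION, "https", "www.example.com", uri))
        print("  strict:", rewrite_uri(strict, PAGE_ACTION, "https", "www.example.com", uri))
```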
LbRuleActionType (schema) (Deprecated)
Types of load balancer rule actions
LbRuleActionType is used to identify the action types used in load
balancer rules.
Name | Description | Type | Notes |
---|---|---|---|
LbRuleActionType | Types of load balancer rule actions. LbRuleActionType is used to identify the action types used in load balancer rules. | string | Deprecated Enum: LbHttpRequestUriRewriteAction, LbHttpRequestHeaderRewriteAction, LbHttpRejectAction, LbHttpRedirectAction, LbSelectPoolAction, LbSelectServerAction, LbHttpResponseHeaderRewriteAction, LbHttpRequestHeaderDeleteAction, LbHttpResponseHeaderDeleteAction, LbVariableAssignmentAction, LbVariablePersistenceOnAction, LbVariablePersistenceLearnAction, LbJwtAuthAction, LbSslModeSelectionAction, LbConnectionDropAction |
LbRuleCondition (schema) (Deprecated)
Match condition of load balancer rule
Match conditions are used to match application traffic passing through
load balancers. Multiple match conditions can be specified in one load
balancer rule, each match condition defines a criterion for application
traffic.
If inverse field is set to true, the match result of the condition is
inverted.
If more than one match condition is specified, match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to be considered a match.
Currently only HTTP messages are supported by load balancer rules.
Each load balancer rule is used at a specific phase of load balancer
processing. Currently three phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are:
LbHttpRequestMethodCondition
LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition
LbHttpRequestBodyCondition
LbTcpHeaderCondition
LbIpHeaderCondition
LbVariableCondition
LbHttpSslCondition
Supported match conditions in HTTP_FORWARDING phase are:
LbHttpRequestMethodCondition
LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition
LbHttpRequestBodyCondition
LbTcpHeaderCondition
LbIpHeaderCondition
LbVariableCondition
LbHttpSslCondition
LbSslSniCondition
Supported match conditions in HTTP_RESPONSE_REWRITE phase are:
LbHttpResponseHeaderCondition
LbHttpRequestMethodCondition
LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition
LbTcpHeaderCondition
LbIpHeaderCondition
LbVariableCondition
LbHttpSslCondition
Supported match conditions in HTTP_ACCESS phase are:
LbHttpRequestMethodCondition
LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition
LbHttpRequestBodyCondition
LbTcpHeaderCondition
LbIpHeaderCondition
LbVariableCondition
LbHttpSslCondition
Supported match condition in TRANSPORT phase is:
LbSslSniCondition
This is an abstract type. Concrete child types:
LbHttpRequestBodyCondition
LbHttpRequestCookieCondition
LbHttpRequestHeaderCondition
LbHttpRequestMethodCondition
LbHttpRequestUriArgumentsCondition
LbHttpRequestUriCondition
LbHttpRequestVersionCondition
LbHttpResponseHeaderCondition
LbHttpSslCondition
LbIpHeaderCondition
LbSslSniCondition
LbTcpHeaderCondition
LbVariableCondition
Name | Description | Type | Notes |
---|---|---|---|
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
type | Type of load balancer rule condition | LbRuleConditionType | Required |
LbRuleConditionType (schema) (Deprecated)
Type of load balancer rule match condition
Name | Description | Type | Notes |
---|---|---|---|
LbRuleConditionType | Type of load balancer rule match condition | string | Deprecated Enum: LbHttpRequestMethodCondition, LbHttpRequestUriCondition, LbHttpRequestUriArgumentsCondition, LbHttpRequestVersionCondition, LbHttpRequestHeaderCondition, LbHttpRequestCookieCondition, LbHttpRequestBodyCondition, LbHttpResponseHeaderCondition, LbTcpHeaderCondition, LbIpHeaderCondition, LbVariableCondition, LbHttpSslCondition, LbSslSniCondition |
LbRuleListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | paginated list of LB rules | array of LbRule | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LbRuleMatchType (schema) (Deprecated)
Match type for LbRule conditions
LbRuleMatchType is used to determine how a specified string value is used
to match a specified LbRuleCondition field.
STARTS_WITH: If the LbRuleCondition field starts with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
ENDS_WITH: If the LbRuleCondition field ends with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
EQUALS: If the LbRuleCondition field is same as the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
CONTAINS: If the LbRuleCondition field contains the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
REGEX: If the LbRuleCondition field matches specified regular expression,
the condition matches. The regular expressions in load balancer rules use
the features common to both Java regular expressions and Perl Compatible
Regular Expressions (PCREs) with some restrictions. Reference
http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the
restrictions.
If named capturing groups are used in the regular expression, when a
match succeeds, the substrings of the subject string that match named
capturing groups are stored (captured) in variables with specific names
which can be used in the fields of LbRuleAction which support variables.
Named capturing groups are defined in the format (?<name>subpattern),
such as (?<year>\d{4}).
For example, in the regular expression:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for
subject string "/news/2017/06/xyz.html", the substring "2017" is captured
in variable year, "06" is captured in variable month, and "xyz.html" is
captured in variable article. These variables can be used in LbRuleAction
fields which support variables in form of $name, such as $year, $month,
$article.
Please note, when regular expressions are used in a JSON (JavaScript Object
Notation) string, every backslash character (\) needs to be escaped by one
additional backslash character.
Name | Description | Type | Notes |
---|---|---|---|
LbRuleMatchType | Match type for LbRule conditions LbRuleMatchType is used to determine how a specified string value is used to match a specified LbRuleCondition field. STARTS_WITH: If the LbRuleCondition field starts with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. ENDS_WITH: If the LbRuleCondition field ends with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. EQUALS: If the LbRuleCondition field is same as the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. CONTAINS: If the LbRuleCondition field contains the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. REGEX: If the LbRuleCondition field matches specified regular expression, the condition matches. The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the restrictions. If named capturing groups are used in the regular expression, when a match succeeds, the substrings of the subject string that match named capturing groups are stored (captured) in variables with specific names which can be used in the fields of LbRuleAction which support variables. Named capturing groups are defined in the format (?<name>subpattern), such as (?<year>\d{4}). For example, in the regular expression: "/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for subject string "/news/2017/06/xyz.html", the substring "2017" is captured in variable year, "06" is captured in variable month, and "xyz.html" is captured in variable article. These variables can be used in LbRuleAction fields which support variables in form of $name, such as $year, $month, $article. Please note, when regular expressions are used in a JSON (JavaScript Object Notation) string, every backslash character (\) needs to be escaped by one additional backslash character. | string | Deprecated Enum: STARTS_WITH, ENDS_WITH, EQUALS, CONTAINS, REGEX |
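The JSON escaping rule and the named-capture behaviour described for REGEX above, as an added example that is not part of the NSX-T documentation or VMware code. JavaScript's RegExp stands in for the load balancer's regex engine, and the `uri` field name and the sample request bodies are assumptions constructed for illustration.

```javascript
// Added example, not VMware code. JavaScript's RegExp stands in for the load
// balancer's regex engine (an assumption); both accept (?<name>subpattern).

// Regex and subject string as quoted in the LbRuleMatchType description.
// String.raw keeps each backslash literal, so this is the pattern itself.
const PATTERN = String.raw`/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)`;
const SUBJECT = '/news/2017/06/xyz.html';

// Build a REGEX match condition. "type", "match_type" and "inverse" appear on
// this page; the "uri" field name is an assumption for illustration.
function buildCondition(pattern) {
  return {
    type: 'LbHttpRequestUriCondition',
    match_type: 'REGEX',
    uri: pattern,
    inverse: false,
  };
}

// Serializing with JSON.stringify doubles every backslash automatically,
// which is the escaping the documentation asks for.
function toRequestBody(condition) {
  return JSON.stringify(condition);
}

// Return the named captures as a plain object, or null when nothing matches.
function captureVariables(pattern, subject) {
  const m = new RegExp(pattern).exec(subject);
  return m && m.groups ? { ...m.groups } : null;
}

// Audit a hand-written JSON body before it is sent:
//  - a lone backslash before d, w, s, ... is not a JSON escape, so the body
//    is rejected as invalid JSON;
//  - a lone backslash before b, f, n, r or t parses cleanly but becomes a
//    control character, silently changing what the pattern matches.
function auditRegexField(jsonText, field) {
  let body;
  try {
    body = JSON.parse(jsonText);
  } catch (err) {
    return { ok: false, reason: 'invalid JSON: check for single backslashes' };
  }
  const value = body[field];
  if (typeof value !== 'string') {
    return { ok: false, reason: `field "${field}" is missing or not a string` };
  }
  if (/[\u0000-\u001f]/.test(value)) {
    return {
      ok: false,
      reason: 'control character in pattern: under-escaped \\b, \\f, \\n, \\r or \\t',
    };
  }
  try {
    new RegExp(value);
  } catch (err) {
    return { ok: false, reason: 'pattern does not compile' };
  }
  return { ok: true, pattern: value };
}

// Constructed sample bodies (String.raw shows the text exactly as typed).
const GOOD_BODY = toRequestBody(buildCondition(PATTERN));
const BAD_ESCAPE_BODY = String.raw`{"match_type":"REGEX","uri":"/news/(?<year>\d+)"}`;
const SILENT_BODY = String.raw`{"match_type":"REGEX","uri":"\bnews\b"}`;

console.log(GOOD_BODY);
console.log(captureVariables(PATTERN, SUBJECT));
console.log(auditRegexField(GOOD_BODY, 'uri'));
console.log(auditRegexField(BAD_ESCAPE_BODY, 'uri'));
console.log(auditRegexField(SILENT_BODY, 'uri'));
```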
LbSelectPoolAction (schema) (Deprecated)
Action to select a pool for HTTP request messages
This action is used to select a pool for matched HTTP request messages. The
pool is specified by UUID. The matched HTTP request messages are forwarded
to the specified pool.
Name | Description | Type | Notes |
---|---|---|---|
pool_id | UUID of load balancer pool | string | Required |
pool_name | Display name of load balancer pool | string | Readonly |
type | Must be set to the value LbSelectPoolAction | LbRuleActionType | Required |
LbServerSslProfile (schema) (Deprecated)
The object is deprecated as NSX-T Load Balancer is deprecated.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
cipher_group_label | Label of cipher group It is a label of cipher group which is mostly consumed by GUI. | SslCipherGroup | |
ciphers | supported SSL cipher list to client side | array of SslCipher | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
is_fips | FIPS compliance of ciphers and protocols This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols is not FIPS compliant. | boolean | Readonly |
is_secure | Secure/Insecure SSL profile flag This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. | boolean | Readonly |
protocols | supported SSL protocol list to client side TLS1.2 is supported and enabled. | array of SslProtocol | |
resource_type | Must be set to the value LbServerSslProfile | string | |
session_cache_enabled | session cache enable/disable flag SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. | boolean | Default: "True" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LbServerSslProfileListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | paginated list of load balancer server SSL profiles | array of LbServerSslProfile | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LbSessionCookieTime (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
cookie_max_idle | session cookie max idle time in seconds Instead of using HTTP Cookie max-age and relying on client to expire the cookie, max idle time and/or max lifetime of the cookie can be used. Max idle time, if configured, specifies the maximum interval the cookie is valid for from the last time it was seen in a request. It is available for insert mode. | integer | Minimum: 1 Maximum: 2147483647 |
cookie_max_life | session cookie max lifetime in seconds Max life time, if configured, specifies the maximum interval the cookie is valid for from the first time the cookie was seen in a request. It is available for insert mode. | integer | Minimum: 1 Maximum: 2147483647 |
type | Must be set to the value LbSessionCookieTime | CookieTimeType | Required |
LbSnatAutoMap (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
port_overload | port overloading with same SNAT IP and port Both SNAT automap and SNAT IP list modes support port overloading which allows the same SNAT IP and port to be used for multiple backend connections as long as the tuple (source IP, source port, destination IP, destination port, IP protocol) after SNAT is performed is unique. The valid number is 1, 2, 4, 8, 16, 32. This is a deprecated property. The port overload factor is fixed to 32 in load balancer engine. If it is upgraded from an old version, the value would be changed to 32 automatically. | integer | Deprecated Minimum: 1 Maximum: 32 Default: "32" |
type | Must be set to the value LbSnatAutoMap | SnatTranslationType | Required |
LbSnatIpElement (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
ip_address | Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160 | IPElement | Required |
prefix_length | subnet prefix length Subnet prefix length should not be specified if there is only one single IP address or IP range. | integer | |
LbSnatIpPool (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
ip_addresses | List of Ip address or ip range If an IP range is specified, the range may contain no more than 64 IP addresses. | array of LbSnatIpElement | Required Maximum items: 64 |
port_overload | port overloading with same SNAT IP and port Both SNAT automap and SNAT IP list modes support port overloading which allows the same SNAT IP and port to be used for multiple backend connections as long as the tuple (source IP, source port, destination IP, destination port, IP protocol) after SNAT is performed is unique. The valid number is 1, 2, 4, 8, 16, 32. This is a deprecated property. The port overload factor is fixed to 32 in load balancer engine. If it is upgraded from an old version, the value would be changed to 32 automatically. | integer | Deprecated Minimum: 1 Maximum: 32 Default: "32" |
type | Must be set to the value LbSnatIpPool | SnatTranslationType | Required |
LbSnatTranslation (schema) (Deprecated)
This is an abstract type. Concrete child types:
LbSnatAutoMap
LbSnatIpPool
Name | Description | Type | Notes |
---|---|---|---|
port_overload | port overloading with same SNAT IP and port Both SNAT automap and SNAT IP list modes support port overloading which allows the same SNAT IP and port to be used for multiple backend connections as long as the tuple (source IP, source port, destination IP, destination port, IP protocol) after SNAT is performed is unique. The valid number is 1, 2, 4, 8, 16, 32. This is a deprecated property. The port overload factor is fixed to 32 in load balancer engine. If it is upgraded from an old version, the value would be changed to 32 automatically. | integer | Deprecated Minimum: 1 Maximum: 32 Default: "32" |
type | | SnatTranslationType | Required |
LbSslCipherAndProtocolListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
ciphers | List of SSL ciphers | array of LbSslCipherInfo | Required |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
protocols | List of SSL protocols | array of LbSslProtocolInfo | Required |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LbSslCipherInfo (schema) (Deprecated)
SSL cipher
Name | Description | Type | Notes |
---|---|---|---|
cipher | SSL cipher | SslCipher | Required |
cipher_group_labels | Cipher group label list Several cipher groups might contain the same cipher suite, each cipher suite could have multiple cipher group labels. | array of SslCipherGroup | |
is_default | Default SSL cipher flag | boolean | Required |
is_secure | Secure/insecure SSL cipher flag | boolean | Required |
LbSslModeSelectionAction (schema) (Deprecated)
Action to select SSL mode
This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.
Name | Description | Type | Notes |
---|---|---|---|
ssl_mode | Type of SSL mode SSL Passthrough: LB establishes a TCP connection with client and another connection with selected backend server. LB won't inspect the stream data between client and backend server, but just passes it through. Backend server exchanges SSL connection with client. SSL Offloading: LB terminates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects to the selected backend server and talks with it via HTTP without SSL. LB establishes a new connection to the selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. SSL End-to-End: LB terminates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects to the selected backend server and talks with it via HTTPS. LB establishes a new SSL connection to the selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. | string | Required Enum: SSL_PASSTHROUGH, SSL_END_TO_END, SSL_OFFLOAD |
type | Must be set to the value LbSslModeSelectionAction | LbRuleActionType | Required |
LbSslProfile (schema) (Deprecated)
Load balancer abstract SSL profile
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
resource_type | Must be set to the value LbSslProfile | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LbSslProtocolInfo (schema) (Deprecated)
SSL protocol
Name | Description | Type | Notes |
---|---|---|---|
is_default | Default SSL protocol flag | boolean | Required |
is_secure | Secure/insecure SSL protocol flag | boolean | Required |
protocol | SSL protocol | SslProtocol | Required |
LbSslSessionReusedType (schema) (Deprecated)
Type of SSL session reused
Name | Description | Type | Notes |
---|---|---|---|
LbSslSessionReusedType | Type of SSL session reused | string | Deprecated Enum: IGNORE, REUSED, NEW |
LbSslSniCondition (schema) (Deprecated)
Condition to match SSL SNI in client hello
This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING phase.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for SNI comparing If true, case is significant when comparing SNI value. | boolean | Default: "True" |
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of SNI Determine how a specified string value is used to match SNI. | LbRuleMatchType | Default: "REGEX" |
sni | The server name indication The SNI (Server Name Indication) in client hello message. | string | Required |
type | Must be set to the value LbSslSniCondition | LbRuleConditionType | Required |
LbTcpHeaderCondition (schema) (Deprecated)
Condition to match TCP header fields
This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.
Name | Description | Type | Notes |
---|---|---|---|
inverse | A flag to indicate whether to reverse the match result of this condition | boolean | Default: "False" |
source_port | TCP source port of HTTP message | PortElement | Required |
type | Must be set to the value LbTcpHeaderCondition | LbRuleConditionType | Required |
LbTcpMonitor (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
fall_count | number of consecutive checks that must fail before marking it down | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | the frequency at which the system issues the monitor check (in seconds) | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
monitor_port | port which is used for healthcheck If the monitor port is specified, it would override pool member port setting for healthcheck. A port range is not supported. For ICMP monitor, monitor_port is not required. | PortElement | |
receive | expected data received from server Expected data, if specified, can be anywhere in the response and it has to be a string, regular expressions are not supported. | string | |
resource_type | Must be set to the value LbTcpMonitor | MonitorType | Required |
rise_count | number of consecutive checks that must pass before marking it up | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
send | data to send If both send and receive are not specified, then just a TCP connection is established (3-way handshake) to validate server is healthy, no data is sent. | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | the number of seconds the target has in which to respond to the monitor request | integer | Minimum: 1 Maximum: 2147483647 Default: "15" |
LbUdpMonitor (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
fall_count | number of consecutive checks that must fail before marking it down | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
id | Unique identifier of this resource | string | Sortable |
interval | the frequency at which the system issues the monitor check (in seconds) | integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
monitor_port | port which is used for healthcheck If the monitor port is specified, it would override pool member port setting for healthcheck. A port range is not supported. For ICMP monitor, monitor_port is not required. | PortElement | |
receive | expected data received from server Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period. | string | Required |
resource_type | Must be set to the value LbUdpMonitor | MonitorType | Required |
rise_count | number of consecutive checks that must pass before marking it up | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
send | data to send The data to be sent to the monitored server. | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
timeout | the number of seconds the target has in which to respond to the monitor request | integer | Minimum: 1 Maximum: 2147483647 Default: "15" |
LbUsageSeverity (schema) (Deprecated)
Load balancer usage severity
Severity is calculated from usage percentage:
GREEN means the current usage percentage is less than 60%.
ORANGE means the current usage percentage is less than 80% and larger than
or equal to 60%.
RED means the current usage percentage is larger than or equal to 80%.
Name | Description | Type | Notes |
---|---|---|---|
LbUsageSeverity | Load balancer usage severity Severity is calculated from usage percentage: GREEN means the current usage percentage is less than 60%. ORANGE means the current usage percentage is less than 80% and larger than or equal to 60%. RED means the current usage percentage is larger than or equal to 80%. | string | Deprecated Enum: GREEN, ORANGE, RED |
LbVariableAssignmentAction (schema) (Deprecated)
Action to create variable and assign value to it.
This action is used to create a new variable and assign value to it.
One action can be used to create one variable. To create multiple
variables, multiple actions must be defined.
The variables can be used by LbVariableCondition, etc.
Name | Description | Type | Notes |
---|---|---|---|
type | Must be set to the value LbVariableAssignmentAction | LbRuleActionType | Required |
variable_name | Name of the variable to be assigned | string | Required |
variable_value | Value of variable | string | Required |
LbVariableCondition (schema) (Deprecated)
Condition to match IP header fields
This condition is used to match variable's name and value at all
phases. The variables could be captured from REGEX or assigned by
LbVariableAssignmentAction or system embedded variable. Variable_name
and variable_value should be matched at the same time.
Name | Description | Type | Notes |
---|---|---|---|
case_sensitive | A case sensitive flag for variable value comparing If true, case is significant when comparing variable value. | boolean | Default: "True" |
inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
match_type | Match type of variable value | LbRuleMatchType | Default: "REGEX" |
type | Must be set to the value LbVariableCondition | LbRuleConditionType | Required |
variable_name | Name of the variable to be matched | string | Required |
variable_value | Value of variable to be matched | string | Required |
LbVariablePersistenceLearnAction (schema) (Deprecated)
Action to learn the variable value
This action is performed in HTTP response rewrite phase. It is used to
learn the value of variable from the HTTP response, and insert an entry
into the persistence table if the entry doesn't exist.
Name | Description | Type | Notes |
---|---|---|---|
persistence_profile_id | UUID of LbPersistenceProfile If the persistence profile UUID is not specified, a default persistence table is created per virtual server. Currently, only LbGenericPersistenceProfile is supported. | string | |
type | Must be set to the value LbVariablePersistenceLearnAction | LbRuleActionType | Required |
variable_hash_enabled | Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key. | boolean | Default: "False" |
variable_name | Variable name The property is the name of variable to be learnt. It is used to identify which variable's value is learnt from HTTP response. The variable can be a system embedded variable such as "_cookie_JSESSIONID", a customized variable defined in LbVariableAssignmentAction or a captured variable in regular expression such as "article". | string | Required |
LbVariablePersistenceOnAction (schema) (Deprecated)
Action to persist the variable value
This action is performed in HTTP forwarding phase. It is used to inspect
the variable of HTTP request, and look up the persistence entry with its
value and pool uuid as key.
If the persistence entry is found, the HTTP request is forwarded to the
recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the
table after backend server is selected.
Name | Description | Type | Notes |
---|---|---|---|
persistence_profile_id | UUID of LbPersistenceProfile If the persistence profile UUID is not specified, a default persistence table is created per virtual server. Currently, only LbGenericPersistenceProfile is supported. | string | |
type | Must be set to the value LbVariablePersistenceOnAction | LbRuleActionType | Required |
variable_hash_enabled | Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key. | boolean | Default: "False" |
variable_name | Variable name The property is the name of variable to be used. It specifies which variable's value of a HTTP Request will be used in the key of persistence entry. The variable can be a system embedded variable such as "_cookie_JSESSIONID", a customized variable defined in LbVariableAssignmentAction or a captured variable in regular expression such as "article". | string | Required |
LldpHostSwitchProfile (schema) (Deprecated)
Host Switch for LLDP
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value LldpHostSwitchProfile | HostSwitchProfileType | Required |
send_enabled | Enabled or disabled sending LLDP packets | boolean | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LogicalDhcpServer (schema) (Deprecated)
Logical DHCP server
Definition of a logical DHCP server which can be attached to a logical switch
via a logical port. Both ipv4_dhcp_server and ipv6_dhcp_server can be
configured at the same time, or only one of ipv4_dhcp_server and
ipv6_dhcp_server can be configured.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
attached_logical_port_id | Id of attached logical port The uuid of the attached logical port. Read only. | string | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
dhcp_profile_id | DHCP profile uuid The DHCP profile uuid the logical DHCP server references. | string | Required |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
ipv4_dhcp_server | DHCP server for ipv4 addresses The DHCP server for ipv4 addresses allocation service. | IPv4DhcpServer | |
ipv6_dhcp_server | DHCP server for ipv6 addresses The DHCP server for ipv6 addresses allocation service. | IPv6DhcpServer | |
resource_type | Must be set to the value LogicalDhcpServer | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LogicalDhcpServerListResult (schema) (Deprecated)
A list of logical DHCP servers
A paginated list of logical DHCP servers.
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Paginated list of DHCP servers A paginated list of logical DHCP servers. | array of LogicalDhcpServer | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LogicalPort (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
address_bindings | Address bindings for logical port Each address binding must contain both an IPElement and MAC address. VLAN ID is optional. This binding configuration can be used by features such as spoof-guard and overrides any discovered bindings. Any non unique entries are deduplicated to generate a unique set of address bindings and then stored. For IP addresses, a subnet address cannot have host bits set. A maximum of 128 unique address bindings is allowed per port. | array of PacketAddressClassifier | Minimum items: 0 Maximum items: 512 |
admin_state | Represents Desired state of the logical port | string | Required Enum: UP, DOWN |
attachment | Logical port attachment | LogicalPortAttachment | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
extra_configs | Extra configs on logical port This property could be used for vendor specific configuration in key value string pairs. Logical port setting will override logical switch setting if the same key was set on both logical switch and logical port. | array of ExtraConfig | |
id | Unique identifier of this resource | string | Sortable |
ignore_address_bindings | Address bindings to be ignored by IP Discovery module IP Discovery module uses various mechanisms to discover address bindings being used on each port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported. | array of PacketAddressClassifier | Minimum items: 0 Maximum items: 16 |
init_state | Initial state of this logical port Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation (POST), and cannot be modified. 'RESTORE_VIF' fetches and restores VIF attachment from ESX host. | LogicalPortInitState | |
internal_id | ID of the logical port in Global Manager The internal_id of the logical port may or may not be identical to its managed resource ID. If a VirtualMachine connected to logical port migrates from one site to another, then on the destination site, it will be connected to different logical port managed resource. However, the internal_id field will be persisted across vmotion. | string | |
logical_switch_id | Id of the Logical switch that this port belongs to. | string | Required |
origin_id | ID of the distributed virtual port and the distributed virtual switch in the source vCenter ID populated by NSX when NSX on DVPG is used to indicate the source distributed virtual port and the corresponding distributed virtual switch. This ID is populated only for logical ports that belong to a logical switch of type DVPG. | string | Readonly |
resource_type | Must be set to the value LogicalPort | string | |
switching_profile_ids | | array of SwitchingProfileTypeIdEntry | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LogicalPortAttachment (schema) (Deprecated)
Logical port attachment
Name | Description | Type | Notes |
---|---|---|---|
attachment_type | Type of attachment for logical port Indicates the type of logical port attachment. By default it is Virtual Machine interface (VIF) | AttachmentType | Default: "VIF" |
context | Attachment context Extra context data for the attachment | AttachmentContext (Abstract type: pass one of the following concrete types) L2VpnAttachmentContext VifAttachmentContext | |
id | Identifier of the interface attached to the logical port | string | Required |
LogicalPortAttachmentState (schema) (Deprecated)
VIF attachment state of a logical port
Name | Description | Type | Notes |
---|---|---|---|
attachers | VM or vmknic entities that are attached to the LogicalPort | array of PortAttacher | Readonly |
id | VIF ID | string | Readonly |
state | State of the VIF attached to LogicalPort A LogicalPort must be in one of the following states. FREE - If there are no active attachers. The LogicalPort may or may not have an attachment ID configured on it. This state is applicable only to LogicalPort of static type. ATTACHED - LogicalPort has exactly one active attacher and no further configuration is pending. ATTACHED_PENDING_CONF - LogicalPort has exactly one attacher, however it may not have been configured completely. Additional configuration will be provided by other nsx components. ATTACHED_IN_MOTION - LogicalPort has multiple active attachers. This state represents a scenario where VM is moving from one location (host or storage) to another (e.g. vmotion, vSphere HA) DETACHED - A temporary state after all LogicalPort attachers have been detached. This state is applicable only to LogicalPort of ephemeral type and the LogicalPort will soon be deleted. | string | Required Readonly Enum: FREE, ATTACHED, ATTACHED_PENDING_CONF, ATTACHED_IN_MOTION, DETACHED |
LogicalPortDeleteParameters (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
detach | force delete even if attached or referenced by a group If this is set to true, then logical port is deleted regardless of whether it has attachments, or it is added to any NSGroup. | boolean | Default: "False" |
LogicalPortInitState (schema) (Deprecated)
Supported initial state of logical port
Name | Description | Type | Notes |
---|---|---|---|
LogicalPortInitState | Supported initial state of logical port | string | Deprecated Enum: UNBLOCKED_VLAN, RESTORE_VIF |
LogicalPortListParameters (schema) (Deprecated)
Logical port list parameters
Name | Description | Type | Notes |
---|---|---|---|
attachment_id | Logical Port attachment Id | string | |
attachment_type | Type of attachment for logical port; NONE means no attachment. | AttachmentTypeQueryString | |
bridge_cluster_id | Bridge Cluster identifier | string | |
container_ports_only | Only container VIF logical ports will be returned if true | boolean | Default: "False" |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
diagnostic | Flag to enable showing of transit logical port. | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
logical_switch_id | Logical Switch identifier | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
parent_vif_id | ID of the VIF of type PARENT Get logical ports that have CHILD VIF attachment of given PARENT VIF. | string | |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
switching_profile_id | Network Profile identifier | string | |
transport_node_id | Transport node identifier Get logical ports on the transport node; it can not be given together with other parameters except container_ports_only and attachment_type VIF. | string | |
transport_zone_id | Transport zone identifier | string | |
LogicalPortListResult (schema) (Deprecated)
Logical port queries result
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | LogicalPort Results | array of LogicalPort | Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LogicalPortState (schema) (Deprecated)
Realized state of the logical port.
Contains realized state of the logical port. For example, transport node
on which the port is located, discovered and realized address bindings of
the logical port.
Name | Description | Type | Notes |
---|---|---|---|
attachment | Logical port attachment state | LogicalPortAttachmentState | Readonly |
discovered_bindings | Logical port bindings discovered automatically Contains the list of address bindings for a logical port that were automatically discovered using various snooping methods like ARP, DHCP etc. | array of AddressBindingEntry | |
duplicate_bindings | Duplicate logical port address bindings If any address binding discovered on the port is also found on other port on the same logical switch, then it is included in the duplicate bindings list along with the ID of the port with which it conflicts. | array of DuplicateAddressBindingEntry | |
id | Id of the logical port | string | Required |
realized_bindings | Realized logical port bindings List of logical port bindings that are realized. This list may be populated from the discovered bindings or manual user specified bindings. This binding configuration can be used by features such as firewall, spoof-guard, traceflow etc. | array of AddressBindingEntry | |
transport_node_ids | Identifiers of the transport node where the port is located | array of string | |
LogicalSwitch (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
admin_state | Represents Desired state of the Logical Switch | string | Required Enum: UP, DOWN |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
extra_configs | Extra configs on logical switch This property could be used for vendor specific configuration in key value string pairs, the setting in extra_configs will be automatically inherited by logical ports in the logical switch. | array of ExtraConfig | |
global_vni | VNI allocated by the global manager The VNI is used for intersite traffic and the global logical switch ID. The global VNI pool is agnostic of the local VNI pool, and there is no need to have an exclusive VNI range. For example, VNI x can be the global VNI for logical switch B and the local VNI for logical switch A. | int | |
hybrid | Flag to identify a hybrid logical switch If this flag is set to true, then all the logical switch ports attached to this logical switch will behave in a hybrid fashion. The hybrid logical switch port indicates to NSX that the VM intends to operate in underlay mode, but retains the ability to forward egress traffic to the NSX overlay network. This flag can be enabled only for the logical switches in the overlay type transport zone which has host switch mode as LEGACY and also has either CrossCloud or CloudScope tag scopes. Only the NSX public cloud gateway (PCG) uses this flag, other host agents like ESX, KVM and Edge will ignore it. This property cannot be modified once the logical switch is created. | boolean | Default: "False" |
id | Unique identifier of this resource | string | Sortable |
ip_pool_id | Allocation ip pool associated with the Logical switch IP pool id that is associated with a LogicalSwitch. | string | |
mac_pool_id | Allocation mac pool associated with the Logical switch Mac pool id that is associated with a LogicalSwitch. | string | |
node_local_switch | A flag to prevent BUM (broadcast, unknown-unicast and multicast) traffic from reaching the other spanned edges. | boolean | |
origin_id | ID of the LS of type DVPG in the source vCenter ID populated by NSX when NSX on DVPG is used to indicate the source DVPG. | string | Readonly |
origin_type | The type of source from which the DVPG is discovered | string | Readonly Enum: VCENTER |
replication_mode | Replication mode of the Logical Switch | string | Enum: MTEP, SOURCE |
resource_type | Must be set to the value LogicalSwitch | string | |
span | List of Local Manager IDs the logical switch extends Each manager ID represents the NSX Local Manager the logical switch connects. This will be populated by the manager. | array of string | Minimum items: 0 Maximum items: 16 |
switch_type | Type of LogicalSwitch. This field indicates purpose of a LogicalSwitch. It is set by manager internally or user can provide this field. If not set, DEFAULT type is assigned. NSX components can use this field to create LogicalSwitch that provides component specific functionality. DEFAULT type LogicalSwitches are created for basic L2 connectivity by API users. SERVICE_PLANE type LogicalSwitches are system created service plane LogicalSwitches for Service Insertion service. User can not create SERVICE_PLANE type of LogicalSwitch. DHCP_RELAY type LogicalSwitches are created by external user like Policy with special permissions or by system and will be treated as internal LogicalSwitches. Such LogicalSwitch will not be exposed to vSphere user. GLOBAL type LogicalSwitches are created to span multiple NSX domains to connect multiple remote sites. INTER_ROUTER type LogicalSwitches are policy-created LogicalSwitches which provide inter-router connectivity. DVPG type LogicalSwitches are NSX-created based on DVPGs found in VC which are used as shadow objects in NSX on DVPG. | string | Enum: DEFAULT, SERVICE_PLANE, DHCP_RELAY, GLOBAL, INTER_ROUTER, EVPN, DVPG |
switching_profile_ids | | array of SwitchingProfileTypeIdEntry | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
transport_zone_id | Id of the TransportZone to which this LogicalSwitch is associated | string | Required |
uplink_teaming_policy_name | The name of the switching uplink teaming policy for the logical switch This name has to be one of the switching uplink teaming policy names listed inside the logical switch's TransportZone. If this field is not specified, the logical switch will not have a teaming policy associated with it and the host switch's default teaming policy will be used. | string | |
vlan | VLAN Id of logical switch This property is dedicated to VLAN based network, to set VLAN of logical network. It is mutually exclusive with 'vlan_trunk_spec'. | VlanID | |
vlan_trunk_spec | VLAN trunk spec of logical switch This property is used for VLAN trunk specification of logical switch. It's mutually exclusive with 'vlan'. Also it could be set to do guest VLAN tagging in overlay network. | VlanTrunkSpec | |
vni | VNI for this LogicalSwitch. Only for OVERLAY network. A VNI will be auto-allocated from the default VNI pool if not given; otherwise the given VNI has to be inside the default pool and not used by any other LogicalSwitch. | int | |
LogicalSwitchDeleteParameters (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
cascade | Delete a Logical Switch and all the logical ports in it, if none of the logical ports have any attachment. | boolean | Default: "False" |
detach | Force delete a logical switch If this is set to true, then logical switch is deleted regardless of whether or not it is added to NSGroup. If cascade is set to true in the meantime, then logical switch and all logical ports are deleted regardless of whether any logical port in this switch has attachments. | boolean | Default: "False" |
LogicalSwitchListParameters (schema) (Deprecated)
Logical Switch list parameters
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
diagnostic | Flag to enable showing of transit logical switch. | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
switch_type | Logical Switch type | string | Enum: DEFAULT, SERVICE_PLANE, DHCP_RELAY, GLOBAL, INTER_ROUTER, EVPN, DVPG |
switching_profile_id | Switching Profile identifier | string | |
transport_type | Mode of transport supported in the transport zone for this logical switch | TransportType | |
transport_zone_id | Transport zone identifier | string | |
uplink_teaming_policy_name | The logical switch's uplink teaming policy name | string | |
vlan | Return VLAN logical switches whose "vlan" field matches this value | VlanID | |
vni | VNI of the OVERLAY LogicalSwitch(es) to return. | int |
LogicalSwitchListResult (schema) (Deprecated)
Logical Switch queries result
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Logical Switch Results | array of LogicalSwitch | Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LogicalSwitchState (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
failure_code | Error code | integer | Readonly |
failure_message | Error message in case of failure | string | Readonly |
logical_switch_id | Id of the logical switch | string | Readonly |
state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. | string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING |
LogicalSwitchStateListResult (schema) (Deprecated)
Logical Switch state queries result
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Logical Switch State Results | array of LogicalSwitchState | Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
LogicalSwitchStateParameters (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
status | Realized state of logical switches | string | Enum: PENDING, IN_PROGRESS, PARTIAL_SUCCESS, SUCCESS |
LogicalSwitchStatus (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
logical_switch_id | Unique ID identifying the Logical Switch | string | Readonly |
num_logical_ports | Count of Logical Ports belonging to this switch | int | Readonly |
MacLearningSpec (schema) (Deprecated)
MAC learning configuration
Name | Description | Type | Notes |
---|---|---|---|
aging_time | Aging time in sec for learned MAC address | int | Readonly Default: "600" |
enabled | Allowing source MAC address learning | boolean | Required |
limit | The maximum number of MAC addresses that can be learned on this port This property specifies the limit on the maximum number of MAC addresses that can be learned on a port. It is consumed by vswitch kernel module on the hypervisor while learning MACs per port for VMs that are local to the host. | int | Minimum: 0 Maximum: 4096 Default: "4096" |
limit_policy | The policy after MAC Limit is exceeded | string | Enum: ALLOW, DROP Default: "ALLOW" |
remote_overlay_mac_limit | The maximum number of MAC addresses learned on an overlay Logical Switch This property specifies the limit on the maximum number of MACs learned for a remote Virtual Machine's MAC to vtep binding per overlay logical switch. | int | Minimum: 2048 Maximum: 8192 Default: "2048" |
unicast_flooding_allowed | Allowing flooding for unlearned MAC for ingress traffic | boolean |
MacManagementSwitchingProfile (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
mac_change_allowed | Allowing source MAC address change | boolean | Default: "False" |
mac_learning | MAC learning configuration | MacLearningSpec | |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value MacManagementSwitchingProfile | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
MetadataProxy (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
attached_logical_port_id | id of attached logical port | string | Readonly |
crypto_protocols | metadata proxy supported cryptographic protocols. The cryptographic protocols listed here are supported by the metadata proxy. The TLSv1.1 and TLSv1.2 are supported by default. | array of MetadataProxyCryptoProtocol | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
edge_cluster_id | edge cluster uuid | string | Required |
edge_cluster_member_indexes | edge cluster member indexes If none is provided, the NSX will auto-select two edge-nodes from the given edge cluster. If user provides only one edge node, there will be no HA support. | array of integer | Minimum items: 0 Maximum items: 2 |
enable_standby_relocation | Flag to enable standby Metadata proxy server relocation Flag to enable the auto-relocation of standby Metadata Proxy in case of edge node failure. Only tier 1 and auto placed Metadata Proxy are considered for the relocation. | boolean | Default: "False" |
id | Unique identifier of this resource | string | Sortable |
metadata_server_ca_ids | uuids of CAs to verify metadata server certificate The CAs referenced here must be uploaded to the truststore using the API POST /api/v1/trust-management/certificates?action=import. The user needs to ensure that the correct CA for this metadata server is used. The REST API cannot detect a wrong CA which was used to verify a different server. If the Metadata Proxy reports an ERROR or NO_BACKUP status, the user can check the metadata proxy log at the transport node for a possible CA issue. | array of string | |
metadata_server_url | metadata server url The URL in format scheme://host:port/path. Please note, the scheme supports only http and https as of now, port supports range 3000 - 9000, inclusive. | string | Required |
resource_type | Must be set to the value MetadataProxy | string | |
secret | secret to access metadata server | secure_string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
MetadataProxyCryptoProtocol (schema) (Deprecated)
Metadata proxy supported cryptographic protocol
Name | Description | Type | Notes |
---|---|---|---|
MetadataProxyCryptoProtocol | Metadata proxy supported cryptographic protocol | string | Deprecated Enum: TLS_V1, TLS_V1_1, TLS_V1_2 |
MetadataProxyListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | paginated list of metadata proxies | array of MetadataProxy | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
MetadataProxyStatistics (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
metadata_proxy_id | metadata proxy uuid | string | Required |
statistics | metadata proxy statistics per logical switch | array of MetadataProxyStatisticsPerLogicalSwitch | |
timestamp | timestamp of the statistics | EpochMsTimestamp | Required |
MetadataProxyStatisticsPerLogicalSwitch (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
error_responses_from_nova_server | error responses from nova server | integer | Required |
logical_switch_id | uuid of attached logical switch | string | Required |
requests_from_clients | requests from clients | integer | Required |
requests_to_nova_server | requests to nova server | integer | Required |
responses_to_clients | responses to clients | integer | Required |
succeeded_responses_from_nova_server | succeeded responses from nova server | integer | Required |
MetadataProxyStatisticsRequestParameters (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
logical_switch_id | The uuid of logical switch | string | |
source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
MetadataProxyStatus (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
error_message | Error message, if available | string | |
proxy_status | UP means the metadata proxy is working fine on both transport nodes (if present); DOWN means the metadata proxy is down on both transport nodes (if present), hence the metadata proxy will not respond to any metadata request; ERROR means an error happened on the transport node(s) or no status is reported from the transport node(s), and the metadata proxy may or may not be working; NO_BACKUP means the metadata proxy is working on one of the transport nodes but not on the other (if present), hence if the metadata proxy on the working transport node goes down, the metadata proxy will go down. | string | Required Enum: UP, DOWN, ERROR, NO_BACKUP |
transport_nodes | ids of transport nodes where this metadata proxy is running Order of the transport nodes is insensitive because Metadata Proxy is running in Active-Active mode among target transport nodes. | array of string | Required |
MonitorQueryType (schema) (Deprecated)
monitor query type
MonitorQueryType is used to query load balancer monitors.
LbActiveMonitor represents active load balancer monitors.
While LbActiveMonitor is specified to query load balancer
monitors, it returns all active monitors, including LbHttpMonitor,
LbHttpsMonitor, LbIcmpMonitor, LbTcpMonitor,
LbUdpMonitor.
Name | Description | Type | Notes |
---|---|---|---|
MonitorQueryType | monitor query type MonitorQueryType is used to query load balancer monitors. LbActiveMonitor represents active load balancer monitors. While LbActiveMonitor is specified to query load balancer monitors, it returns all active monitors, including LbHttpMonitor, LbHttpsMonitor, LbIcmpMonitor, LbTcpMonitor, LbUdpMonitor. | string | Deprecated Enum: LbHttpMonitor, LbHttpsMonitor, LbIcmpMonitor, LbTcpMonitor, LbUdpMonitor, LbPassiveMonitor, LbActiveMonitor |
MonitorType (schema) (Deprecated)
monitor type
Load balancers monitor the health of backend servers to ensure traffic
is not black holed.
There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.
Name | Description | Type | Notes |
---|---|---|---|
MonitorType | monitor type Load balancers monitor the health of backend servers to ensure traffic is not black holed. There are two types of healthchecks: active and passive. Passive healthchecks depend on failures in actual client traffic (e.g. RST from server in response to a client connection) to detect that the server or the application is down. In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP and ICMP protocols. | string | Deprecated Enum: LbHttpMonitor, LbHttpsMonitor, LbIcmpMonitor, LbTcpMonitor, LbUdpMonitor, LbPassiveMonitor |
NamedTeamingPolicy (schema) (Deprecated)
Uplink Teaming Policy with a name that can be referenced by logical switches
Name | Description | Type | Notes |
---|---|---|---|
active_list | List of Uplinks used in active list | array of Uplink | Required |
name | The name of the uplink teaming policy An uplink teaming policy of a given name defined in UplinkHostSwitchProfile. The names of all NamedTeamingPolicies in an UplinkHostSwitchProfile must be different, but a name can be shared by different UplinkHostSwitchProfiles. Different TransportNodes can use different NamedTeamingPolicies having the same name in different UplinkHostSwitchProfiles to realize an uplink teaming policy on a logical switch. An uplink teaming policy on a logical switch can be any policy defined by a user; it does not have to be a single type of FAILOVER or LOADBALANCE. It can be a combination of types, for instance, a user can define a policy with name "MyHybridTeamingPolicy" as "FAILOVER on all ESX TransportNodes and LOADBALANCE on all KVM TransportNodes". The name is the key of the teaming policy and can not be changed once assigned. | string | Required Maximum length: 136 |
policy | Teaming policy | string | Required Enum: FAILOVER_ORDER, LOADBALANCE_SRCID, LOADBALANCE_SRC_MAC |
rolling_order | Flag for preemptive mode | boolean | |
standby_list | List of Uplinks used in standby list | array of Uplink |
NatActions (schema) (Deprecated)
NAT action types
NAT action types.
Name | Description | Type | Notes |
---|---|---|---|
NatActions | NAT action types NAT action types. | string | Deprecated Enum: SNAT, DNAT, REFLEXIVE, NO_SNAT, NO_DNAT, NAT64 |
NatCounters (schema) (Deprecated)
NAT statistics count
Provides the following statistics for the NAT rules:
- Current number of active traffic sessions matching the NAT rules.
- Total number of bytes processed on the NAT rules since the time the rules
were created.
- Total number of packets processed on the NAT rules since the time the rules
were created.
Name | Description | Type | Notes |
---|---|---|---|
active_sessions | Active sessions Provides the current number of active traffic sessions matching the NAT rules. | integer | Readonly |
total_bytes | Total bytes Provides the total number of bytes processed on the NAT rules since the time the rules were created. | integer | Readonly |
total_packets | Total packets Provides the total number of packets processed on the NAT rules since the time the rules were created. | integer | Readonly |
NatFirewallMatch (schema) (Deprecated)
The rule how the firewall is applied to a traffic packet
The type indicates how the firewall is applied to a traffic packet.
MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done.
MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done.
BYPASS indicates the firewall stage will be skipped.
Name | Description | Type | Notes |
---|---|---|---|
NatFirewallMatch | The rule how the firewall is applied to a traffic packet The type indicates how the firewall is applied to a traffic packet. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped. | string | Deprecated Enum: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS, BYPASS |
NatRule (schema) (Deprecated)
The configuration entity to define a NAT rule
The configuration entity to define a NAT rule. It defines how an ip packet
is matched via source address or/and destination address or/and service(s),
how the address (and/or) port is translated, and how the related firewall
stage is involved or bypassed.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
action | NAT rule action type Valid actions: SNAT, DNAT, NO_SNAT, NO_DNAT, REFLEXIVE, NAT64. All rules in a logical router are either stateless or stateful. A mix is not supported. SNAT and DNAT are stateful and are NOT supported when the logical router is running in active-active HA mode; REFLEXIVE is stateless. NO_SNAT and NO_DNAT have no translated_fields, only match fields are supported. | NatActions | Required |
applied_tos | List of LogicalRouterPort resources as applied to Holds the list of LogicalRouterPort Ids that a NAT rule can be applied to. The LogicalRouterPort used must belong to the same LogicalRouter for which the NAT Rule is created. As of now a NAT rule can only have a single LogicalRouterPort as applied_tos. When applied_tos is not set, the NAT rule is applied to all LogicalRouterPorts belonging to the LogicalRouter. | array of ResourceReference | Maximum items: 1 |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
enabled | enable/disable the rule Indicator to enable/disable the rule. | boolean | Default: "True" |
firewall_match | The rule how the firewall is applied Indicate how firewall is applied to a traffic packet. Firewall can be bypassed, or be applied to external/internal address of NAT rule. | NatFirewallMatch | |
id | Unique identifier of this resource | string | Sortable |
internal_rule_id | Internal NAT rule uuid Internal NAT rule uuid for debug used in Controller and backend. | string | Readonly |
logging | Enable/disable the logging of rule Enable/disable the logging of rule. | boolean | Default: "False" |
logical_router_id | Logical router id The logical router id which the nat rule runs on. | string | Readonly |
match_destination_network | match destination network IP Address \| CIDR \| (null implies Any) | string | |
match_service | match service A NSServiceElement that specifies the matching services of source ports, destination ports, ip protocol version and number, sub protocol version and number, ICMP type and code, etc. The match_service can be one of IPProtocolNSService, L4PortSetNSService or ICMPTypeNSService. REFLEXIVE NAT does not support match_service. | NSServiceElement (Abstract type: pass one of the following concrete types) ALGTypeNSService EtherTypeNSService ICMPTypeNSService IGMPTypeNSService IPProtocolNSService L4PortSetNSService | |
match_source_network | match source network IP Address \| CIDR \| (null implies Any) | string | |
pb_vpn_mode | The rule how the NAT applies to Policy-Based VPN traffic Indicate how the rule applies to Policy-Based VPN traffic. It's supported only for NAT rule action type DNAT and NO_DNAT. BYPASS indicates that NAT rule is applied to the traffic received on Routed-Based VPN tunnel. EXCLUSIVE indicates that NAT rule is applied to the inbound traffic received on Policy-Based VPN tunnel only. | PbVpnMode | Default: "BYPASS" |
resource_type | Must be set to the value NatRule | string | |
rule_priority | NAT rule priority Ascending, valid range [0-2147483647]. If multiple rules have the same priority, evaluation sequence is undefined. | integer | Default: "1024" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
translated_network | IP Address \| IP Range \| CIDR The translated address for the matched IP packet. For a SNAT, it can be a single ip address, an ip range, or a CIDR block. For a DNAT and a REFLEXIVE, it can be a single ip address or a CIDR block. Translated network is not supported for NO_SNAT or NO_DNAT. | string | |
translated_ports | port number or port range. DNAT only The translated port(s) for the matched IP packet. It can be a single port or a port range. Please note, port translating is supported only for DNAT. | string | |
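The NatRule and NatFirewallMatch constraints above can be checked before a rule is sent to the API. The following is an added example, not code from the NSX documentation or product: the function names, the "review" hints for BYPASS and disabled logging, and the assumption that one list holds the rules of a single logical router are this example's own, and the sample rules are constructed.

```python
import ipaddress

ACTIONS = {"SNAT", "DNAT", "REFLEXIVE", "NO_SNAT", "NO_DNAT", "NAT64"}
FIREWALL_MATCHES = {"MATCH_EXTERNAL_ADDRESS", "MATCH_INTERNAL_ADDRESS", "BYPASS"}
MAX_PRIORITY = 2147483647


def _network_kind(value):
    """Classify a translated_network string as 'ip', 'range' or 'cidr'."""
    if "-" in value:
        low, high = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        if low > high:
            raise ValueError("range start is above range end")
        return "range"
    if "/" in value:
        ipaddress.ip_network(value, strict=False)
        return "cidr"
    ipaddress.ip_address(value)
    return "ip"


def check_rule(rule):
    """Return (severity, message) findings for one NatRule given as a dict."""
    action = rule.get("action")
    if action not in ACTIONS:
        return [("error", f"action {action!r} is not a NatActions value")]
    findings = []
    translated = rule.get("translated_network")
    if translated and action in ("NO_SNAT", "NO_DNAT"):
        findings.append(("error", f"{action} does not support translated_network"))
    elif translated and action in ("SNAT", "DNAT", "REFLEXIVE"):
        try:
            kind = _network_kind(translated)
        except (ValueError, TypeError):
            findings.append(("error", f"cannot parse translated_network {translated!r}"))
        else:
            if kind == "range" and action != "SNAT":
                findings.append(("error", f"{action} takes a single IP or a CIDR, not a range"))
    if rule.get("translated_ports") and action != "DNAT":
        findings.append(("error", "translated_ports is supported only for DNAT"))
    if rule.get("match_service") and action == "REFLEXIVE":
        findings.append(("error", "REFLEXIVE NAT does not support match_service"))
    if len(rule.get("applied_tos") or []) > 1:
        findings.append(("error", "applied_tos accepts at most one LogicalRouterPort"))
    if not 0 <= rule.get("rule_priority", 1024) <= MAX_PRIORITY:
        findings.append(("error", "rule_priority is outside [0-2147483647]"))
    match = rule.get("firewall_match")
    if match is not None and match not in FIREWALL_MATCHES:
        findings.append(("error", f"firewall_match {match!r} is not a NatFirewallMatch value"))
    # Review hints are this example's own policy, not API errors. enabled defaults to True.
    if rule.get("enabled", True):
        if match == "BYPASS":
            findings.append(("review", "firewall stage is skipped for this rule"))
        if not rule.get("logging", False):
            findings.append(("review", "logging is off (the API default)"))
    return findings


def check_rule_list(rules):
    """Check the rules of one logical router; list-level findings carry index None."""
    findings = [(i, sev, msg) for i, r in enumerate(rules) for sev, msg in check_rule(r)]
    actions = {r.get("action") for r in rules}
    if "REFLEXIVE" in actions and actions & {"SNAT", "DNAT"}:
        findings.append((None, "error", "stateless REFLEXIVE mixed with stateful SNAT/DNAT"))
    if len(rules) > 128:
        findings.append((None, "error", "NatRuleList accepts at most 128 rules"))
    return findings


def firewall_address(action, firewall_match, direction, before, after):
    """Address the firewall stage evaluates. before/after are (src, dst) pairs
    around translation. Returns None when the firewall stage is bypassed."""
    if firewall_match not in FIREWALL_MATCHES:
        raise ValueError(f"unknown firewall_match {firewall_match!r}")
    if firewall_match == "BYPASS":
        return None
    if action == "REFLEXIVE":
        if direction not in ("egress", "ingress"):
            raise ValueError("direction must be 'egress' or 'ingress'")
        source_side = direction == "egress"
    elif action in ("SNAT", "DNAT"):
        source_side = action == "SNAT"
    else:
        raise ValueError("matching is described only for SNAT, DNAT and REFLEXIVE")
    external = firewall_match == "MATCH_EXTERNAL_ADDRESS"
    if source_side:  # external = translated source, internal = original source
        return after[0] if external else before[0]
    return before[1] if external else after[1]  # external = original destination


# Constructed sample rules using documentation address ranges.
SAMPLE_RULES = [
    {"action": "DNAT", "match_destination_network": "198.51.100.10", "logging": True,
     "translated_network": "10.0.0.10", "translated_ports": "8443",
     "firewall_match": "MATCH_EXTERNAL_ADDRESS"},
    {"action": "SNAT", "match_source_network": "10.0.0.0/24", "firewall_match": "BYPASS",
     "translated_network": "198.51.100.20-198.51.100.30", "translated_ports": "1024-2048"},
    {"action": "REFLEXIVE", "translated_network": "198.51.100.40-198.51.100.41",
     "match_service": {"resource_type": "L4PortSetNSService"}, "logging": True},
    {"action": "NO_DNAT", "translated_network": "10.0.0.5", "logging": True},
]

if __name__ == "__main__":
    for index, severity, message in check_rule_list(SAMPLE_RULES):
        print(index, severity, message)
```
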
NatRuleList (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
rules | NAT rules list Add new NatRules to the list in Bulk creation. | array of NatRule | Required Maximum items: 128 |
NatRuleListResult (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | NAT rule list results | array of NatRule | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
NatRuleTypeParameter (schema) (Deprecated)
The parameter of getting NAT rules
The parameters for getting NAT rules.
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
rule_type | Action type for getting NAT rules If rule_type is not specified, the backend returns the NAT rule list for IPv4. If rule_type is ALL, the backend returns the list of all NAT rules. If rule_type is NATv4, the backend returns the NAT rule list for IPv4. If rule_type is NAT64, the backend returns the NAT rule list for IPv6. | string | Enum: ALL, NATv4, NAT64 |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string |
NatStatisticsPerLogicalRouter (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
logical_router_id | Id for the logical router | string | Required Readonly |
per_transport_node_statistics | Detailed per node statistics | array of NatStatisticsPerTransportNode | Readonly |
statistics_across_all_nodes | Rolled-up statistics for all rules on the logical router across all the nodes | NatCounters | Required Readonly |
NatStatisticsPerRule (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
active_sessions | Active sessions Provides the current number of active traffic sessions matching the NAT rules. | integer | Readonly |
id | The id of the NAT rule. | string | Required Readonly |
last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
logical_router_id | The id of the logical router which owns the NAT rule. | string | Required Readonly |
total_bytes | Total bytes Provides the total number of bytes processed on the NAT rules since the time the rules were created. | integer | Readonly |
total_packets | Total packets Provides the total number of packets processed on the NAT rules since the time the rules were created. | integer | Readonly |
warning_message | The warning message about the NAT Rule statistics. | string | Readonly |
NiocProfile (schema) (Deprecated)
Profile for Nioc
This profile is created for Network I/O Control(NIOC).
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
enabled | Enabled status of NIOC feature The enabled property specifies the status of NIOC feature. When enabled is set to true, NIOC feature is turned on and the bandwidth allocations specified for the traffic resources are enforced. When enabled is set to false, NIOC feature is turned off and no bandwidth allocation is guaranteed. By default, enabled will be set to true. | boolean | Default: "True" |
host_infra_traffic_res | Resource allocation associated with NiocProfile host_infra_traffic_res specifies bandwidth allocation for various traffic resources. | array of ResourceAllocation | |
id | Unique identifier of this resource | string | Sortable |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value NiocProfile | HostSwitchProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
NsLookupParameters (schema) (Deprecated)
The parameters of nslookup
The parameters for DNS nslookup.
Name | Description | Type | Notes |
---|---|---|---|
address | IP address or FQDN for nslookup IP address or FQDN for this lookup | string | |
server_ip | Target server used for this lookup If absent, the underlying DNS forwarder will be used as the target server. And the answer could be cached by the forwarder if it was not cached yet. If provided, the query will go directly to the given server. You will need to ensure this address represents a workable and reachable DNS server. The answer will not be cached by the forwarder unless this server_ip is exactly the same listener ip of the forwarder. | IPv4Address | |
source_ip | Source ip used for this lookup Source ip used for this lookup. If absent, the listener ip of the underlying DNS forwarder will be used as the source ip. If provided, you will need to ensure this source ip is valid and can be routed back to the transport node via data plane | IPv4Address | |
PacketAddressClassifier (schema) (Deprecated)
Address classifications for a packet
A packet is classified to have an address binding, if its address
configuration matches with all user specified properties.
Name | Description | Type | Notes |
---|---|---|---|
ip_address | A single IP address or a subnet, e.g. x.x.x.x or x.x.x.x/y | IPElement | |
mac_address | A single MAC address | MACAddress | |
vlan | | VlanID | |
PerForwarderStatistics (schema) (Deprecated)
Per-forwarder query statistics counters
Query statistics counters of a forwarder identified by domain names.
Name | Description | Type | Notes |
---|---|---|---|
domain_names | Domain names configured for the forwarder Domain names configured for the forwarder. Empty if this is the default forwarder. | array of string | Readonly Minimum items: 0 Maximum items: 100 |
upstream_statistics | Statistics per upstream server. | array of PerUpstreamServerStatistics | Readonly Minimum items: 0 Maximum items: 3 |
PerNodeUsedCacheStatistics (schema) (Deprecated)
Per-node used cache query statistics counters
Query statistics counters of used cache from node
Name | Description | Type | Notes |
---|---|---|---|
cached_entries | The total number of cached entries | integer | Readonly |
node_id | Uuid of active/standby transport node | string | Readonly |
used_cache_size | The memory size used in cache, in kb | integer | Readonly |
PerUpstreamServerStatistics (schema) (Deprecated)
Per-upstream server query statistics counters
Query statistics counters to an upstream server including successfully
forwarded queries and failed queries.
Name | Description | Type | Notes |
---|---|---|---|
queries_failed | Queries failed to forward. | integer | Readonly |
queries_succeeded | Queries forwarded successfully | integer | Readonly |
upstream_server | Upstream server ip | IPAddress | Readonly |
Pnic (schema) (Deprecated)
Physical NIC specification
Name | Description | Type | Notes |
---|---|---|---|
device_name | device name or key | string | Required |
uplink_name | Uplink name for this Pnic. This name will be used to reference this Pnic in other configurations. | string | Required |
PolicyBasedL3VpnSession (schema) (Deprecated)
Policy based L3Vpn Session
A Policy-based L3Vpn session is a configuration in which a specific vpn tunnel is
referenced in a policy whose action is set as tunnel.
Name | Description | Type | Notes |
---|---|---|---|
resource_type | Must be set to the value PolicyBasedL3VpnSession | L3VpnSessionResourceType | Required |
rules | L3Vpn Rules L3Vpn rules that are specific to the L3Vpn. Only L3Vpn rules with PROTECT action are supported. | array of L3VpnRule | |
PolicyDHGroup (schema) (Deprecated)
Diffie-Hellman groups
Diffie-Hellman groups represent the algorithm used to derive shared keys between
IPSec VPN initiator and responder over an unsecured network.
GROUP2 uses 1024-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
Name | Description | Type | Notes |
---|---|---|---|
PolicyDHGroup | Diffie-Hellman groups Diffie-Hellman groups represent the algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1024-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. | string | Deprecated Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16 |
PolicyIKEDigestAlgorithm (schema) (Deprecated)
Digest Algorithms used in IKE negotiations
The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation.
SHA1 produces a 160-bit hash and SHA2_XXX produces an XXX-bit hash.
Name | Description | Type | Notes |
---|---|---|---|
PolicyIKEDigestAlgorithm | Digest Algorithms used in IKE negotiations The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation. SHA1 produces a 160-bit hash and SHA2_XXX produces an XXX-bit hash. | string | Deprecated Enum: SHA1, SHA2_256, SHA2_384, SHA2_512 |
PolicyIKEEncryptionAlgorithm (schema) (Deprecated)
Encryption algorithms used in IKE
IKEEncryption algorithms are used to ensure confidentiality of the messages
exchanged during IKE negotiations. AES stands for Advanced Encryption Standard.
AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) and is used to
provide both confidentiality and data origin authentication. AES_GCM is composed
of two separate functions, one for encryption (AES) and one for authentication (GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GMAC_128 uses 128-bit keys.
AES_GMAC_192 uses 192-bit keys.
AES_GMAC_256 uses 256-bit keys.
Name | Description | Type | Notes |
---|---|---|---|
PolicyIKEEncryptionAlgorithm | Encryption algorithms used in IKE IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standard. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM is composed of two separate functions, one for encryption (AES) and one for authentication (GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GMAC_128 uses 128-bit keys. AES_GMAC_192 uses 192-bit keys. AES_GMAC_256 uses 256-bit keys. | string | Deprecated Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256 |
PolicyIKEVersion (schema) (Deprecated)
IKE version
IKE protocol version to be used. IKE-Flex initiates IKE-V2 and responds
to both IKE-V1 and IKE-V2.
Name | Description | Type | Notes |
---|---|---|---|
PolicyIKEVersion | IKE version IKE protocol version to be used. IKE-Flex initiates IKE-V2 and responds to both IKE-V1 and IKE-V2. | string | Deprecated Enum: IKE_V1, IKE_V2, IKE_FLEX |
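An added example (not part of the NSX API or its documentation) that audits an IKE profile against the enum values described in the PolicyDHGroup, PolicyIKEDigestAlgorithm, PolicyIKEEncryptionAlgorithm and PolicyIKEVersion schemas above: it flags DH groups and digests below a chosen floor, profiles that still accept IKE-V1, and AES_GCM selected without IKE_V2. The dictionary keys `ike_version`, `dh_groups`, `digest_algorithms` and `encryption_algorithms`, the 2048-bit and 256-bit floors, and the two sample profiles are assumptions made for this example.

```python
# Enum names and sizes are taken from the schema descriptions on this page.
DH_GROUP_BITS = {"GROUP2": 1024, "GROUP5": 1536, "GROUP14": 2048,
                 "GROUP15": 3072, "GROUP16": 4096}
DIGEST_BITS = {"SHA1": 160, "SHA2_256": 256, "SHA2_384": 384, "SHA2_512": 512}
CBC_ENCRYPTION = {"AES_128", "AES_256"}
GCM_ENCRYPTION = {"AES_GCM_128", "AES_GCM_192", "AES_GCM_256"}
IKE_VERSIONS = {"IKE_V1", "IKE_V2", "IKE_FLEX"}

# Assumed local policy floors; the NSX API itself does not enforce these.
MIN_DH_BITS = 2048
MIN_DIGEST_BITS = 256


def audit_ike_profile(profile):
    """Return a list of (field, value, reason) findings for one profile dict.

    The dictionary keys read here are hypothetical names chosen for this
    example; map them to whatever your exported configuration uses.
    """
    findings = []

    version = profile.get("ike_version")
    if version not in IKE_VERSIONS:
        findings.append(("ike_version", version, "not a PolicyIKEVersion value"))
    elif version != "IKE_V2":
        # IKE_V1 speaks only IKE-V1; IKE_FLEX still responds to IKE-V1 peers.
        findings.append(("ike_version", version, "IKE-V1 is still accepted"))

    for group in profile.get("dh_groups", []):
        bits = DH_GROUP_BITS.get(group)
        if bits is None:
            findings.append(("dh_groups", group, "not a PolicyDHGroup value"))
        elif bits < MIN_DH_BITS:
            findings.append(("dh_groups", group,
                             f"{bits}-bit MODP is below {MIN_DH_BITS}"))

    for digest in profile.get("digest_algorithms", []):
        bits = DIGEST_BITS.get(digest)
        if bits is None:
            findings.append(("digest_algorithms", digest,
                             "not a PolicyIKEDigestAlgorithm value"))
        elif bits < MIN_DIGEST_BITS:
            findings.append(("digest_algorithms", digest,
                             f"{bits}-bit hash is below {MIN_DIGEST_BITS}"))

    for cipher in profile.get("encryption_algorithms", []):
        if cipher in GCM_ENCRYPTION:
            # The schema states AES_GCM is available with IKE_V2 only.
            if version != "IKE_V2":
                findings.append(("encryption_algorithms", cipher,
                                 "AES_GCM is available with IKE_V2 only"))
        elif cipher not in CBC_ENCRYPTION:
            findings.append(("encryption_algorithms", cipher,
                             "not a PolicyIKEEncryptionAlgorithm value"))

    return findings


# Constructed sample profiles, not taken from any real deployment.
LEGACY_PROFILE = {
    "ike_version": "IKE_FLEX",
    "dh_groups": ["GROUP2", "GROUP14"],
    "digest_algorithms": ["SHA1"],
    "encryption_algorithms": ["AES_128", "AES_GCM_256"],
}
HARDENED_PROFILE = {
    "ike_version": "IKE_V2",
    "dh_groups": ["GROUP14", "GROUP16"],
    "digest_algorithms": ["SHA2_256"],
    "encryption_algorithms": ["AES_GCM_256"],
}

if __name__ == "__main__":
    for name, profile in (("legacy", LEGACY_PROFILE), ("hardened", HARDENED_PROFILE)):
        results = audit_ike_profile(profile)
        print(name, "OK" if not results else "")
        for field, value, reason in results:
            print(f"  {field}={value}: {reason}")
```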
PolicyIPAddressInfo (schema) (Deprecated)
IP address information
Used to specify the display name and value of the IPv4Address.
Name | Description | Type | Notes |
---|---|---|---|
address_value | Value of the IPv4Address Value of the IPv4Address. | IPv4Address | Required |
display_name | Display name of the IPv4Address Display name used to help identify the IPv4Address. | string | |
next_hop | Next Hop of the IPv4Address Next hop used in auto-plumbing of static route. If a value is not provided, static route will not be auto-plumbed. | IPv4Address | |
PolicyNiocProfile (schema) (Deprecated)
Profile for Nioc
This profile is created for Network I/O Control(NIOC).
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. | array of ChildPolicyConfigResource Children are not allowed for this type | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
enabled | Enabled status of NIOC feature The enabled property specifies the status of NIOC feature. When enabled is set to true, NIOC feature is turned on and the bandwidth allocations specified for the traffic resources are enforced. When enabled is set to false, NIOC feature is turned off and no bandwidth allocation is guaranteed. By default, enabled will be set to true. | boolean | Default: "True" |
host_infra_traffic_res | Resource allocation associated with NiocProfile host_infra_traffic_res specifies bandwidth allocation for various traffic resources. | array of PolicyPolicyResourceAllocation | |
id | Unique identifier of this resource | string | Sortable |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. | boolean | Readonly Default: "False" |
origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. | string | Readonly |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Readonly Default: "False" |
owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. | string | Readonly |
parent_path | Path of its parent Path of its parent | string | Readonly |
path | Absolute path of this object Absolute path of this object | string | Readonly |
realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. | string | Readonly |
relative_path | Relative path of this object Path relative from its parent | string | Readonly |
remote_path | Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology. It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM. | string | Readonly |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value PolicyNiocProfile | PolicyHostSwitchProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. | string | Readonly |
PolicyTunnelDigestAlgorithm (schema) (Deprecated)
Digest Algorithms used in tunnel establishment
The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment.
SHA1 produces a 160-bit hash and SHA2_XXX produces an XXX-bit hash.
Name | Description | Type | Notes |
---|---|---|---|
PolicyTunnelDigestAlgorithm | Digest Algorithms used in tunnel establishment The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment. SHA1 produces a 160-bit hash and SHA2_XXX produces an XXX-bit hash. | string | Deprecated Enum: SHA1, SHA2_256, SHA2_384, SHA2_512 |
PolicyTunnelEncryptionAlgorithm (schema) (Deprecated)
Encryption algorithm used in tunnel
TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged
during Tunnel negotiations. AES stands for Advanced Encryption Standard. AES_128 uses
128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard (AES)
in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin
authentication.
Name | Description | Type | Notes |
---|---|---|---|
PolicyTunnelEncryptionAlgorithm | Encryption algorithm used in tunnel TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standard. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. | string | Deprecated Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256 |
PortAttacher (schema) (Deprecated)
VM or vmknic entity attached to LogicalPort
Name | Description | Type | Notes |
---|---|---|---|
entity | Reference to the attached entity This is a vmknic name if the attacher is vmknic. Otherwise, it is full path of the attached VM's config file | string | Required |
host | TransportNode on which the attacher resides | string | Required |
PreconfiguredEndpoint (schema) (Deprecated)
Tunnel endpoint configuration of preconfigured host switch
Name | Description | Type | Notes |
---|---|---|---|
device_name | Name of the virtual tunnel endpoint | string | Required |
PreconfiguredHostSwitch (schema) (Deprecated)
Preconfigured host switch
Preconfigured host switch is used for manually configured transport node.
Name | Description | Type | Notes |
---|---|---|---|
endpoints | List of virtual tunnel endpoints which are preconfigured on this host switch | array of PreconfiguredEndpoint | Maximum items: 1 |
host_switch_id | External Id of the preconfigured host switch. | string | Required |
transport_zone_endpoints | Transport zone endpoints. List of TransportZones that are to be associated with specified host switch. | array of TransportZoneEndPoint | |
PreconfiguredHostSwitchSpec (schema) (Deprecated)
Specification of transport node preconfigured host switch
Preconfigured host switch specification is used for manually configured transport node. It is user's responsibility to ensure correct configuration is provided to NSX. This type is only valid for supported KVM fabric nodes.
Name | Description | Type | Notes |
---|---|---|---|
host_switches | Preconfigured Transport Node host switches | array of PreconfiguredHostSwitch | Required Maximum items: 1 |
resource_type | Must be set to the value PreconfiguredHostSwitchSpec | string | Required Enum: StandardHostSwitchSpec, PreconfiguredHostSwitchSpec |
QosBaseRateShaper (schema) (Deprecated)
A shaper configuration entry that specifies type and metrics
This is an abstract type. Concrete child types:
EgressRateShaper
IngressBroadcastRateShaper
IngressRateShaper
Name | Description | Type | Notes |
---|---|---|---|
enabled | | boolean | Required |
resource_type | | string | Required Enum: IngressRateShaper, IngressBroadcastRateShaper, EgressRateShaper Default: "IngressRateShaper" |
QosSwitchingProfile (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
class_of_service | Class of service Class of service groups similar types of traffic in the network and each type of traffic is treated as a class with its own level of service priority. The lower priority traffic is slowed down or in some cases dropped to provide better throughput for higher priority traffic. If the field is not provided during create / update call, a default value is assigned. | int | Minimum: 0 Maximum: 7 |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
dscp | | Dscp | |
id | Unique identifier of this resource | string | Sortable |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value QosSwitchingProfile | string | Required |
shaper_configuration | | array of QosBaseRateShaper (Abstract type: pass one of the following concrete types) EgressRateShaper IngressBroadcastRateShaper IngressRateShaper | Minimum items: 0 Maximum items: 3 |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
RateLimits (schema) (Deprecated)
Rate limiting configuration
Enables traffic limit for incoming/outgoing broadcast and multicast packets. Use 0 to disable rate limiting for a specific traffic type
Name | Description | Type | Notes |
---|---|---|---|
enabled | Whether rate limiting is enabled | boolean | Default: "False" |
rx_broadcast | Incoming broadcast traffic limit in packets per second | int | Minimum: 0 Default: "0" |
rx_multicast | Incoming multicast traffic limit in packets per second | int | Minimum: 0 Default: "0" |
tx_broadcast | Outgoing broadcast traffic limit in packets per second | int | Minimum: 0 Default: "0" |
tx_multicast | Outgoing multicast traffic limit in packets per second | int | Minimum: 0 Default: "0" |
ResourceAllocation (schema) (Deprecated)
Resource allocation information for a host infrastructure traffic type
Specify limit, shares and reservation for all kinds of traffic.
Values for limit and reservation are expressed in percentage. And for shares,
the value is expressed as a number between 1-100.
The overall reservation among all traffic types should not exceed 75%.
Otherwise, the API request will be rejected.
Name | Description | Type | Notes |
---|---|---|---|
limit | Maximum bandwidth percentage The limit property specifies the maximum bandwidth allocation for a given traffic type and is expressed in percentage. The default value for this field is set to -1 which means the traffic is unbounded for the traffic type. All other negative values for this property are not supported and will be rejected by the API. | number | Required Minimum: -1 Maximum: 100 Default: "-1.0" |
reservation | Minimum guaranteed bandwidth percentage | number | Required Minimum: 0 Maximum: 75 Default: "0.0" |
shares | Shares | int | Required Minimum: 1 Maximum: 100 Default: "50" |
traffic_type | Resource allocation traffic type | HostInfraTrafficType | Required |
RouteBasedL3VpnSession (schema) (Deprecated)
Route based L3Vpn Session
A Route Based L3Vpn is more flexible, more powerful and recommended over policy based.
IP Tunnel subnet is created and all traffic routed through tunnel subnet is sent over
tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using
redundant L3Vpn.
Name | Description | Type | Notes |
---|---|---|---|
default_rule_logging | Enable logging for whitelisted rule for the VTI interface Indicates if logging should be enabled for the default whitelisting rule for the VTI interface. | boolean | Default: "False" |
force_whitelisting | Flag to add default whitelisting FW rule for the VTI interface. The default firewall rule Action is set to DROP if true otherwise set to ALLOW. | boolean | Default: "False" |
resource_type | Must be set to the value RouteBasedL3VpnSession | L3VpnSessionResourceType | Required |
routing_config_path | Routing configuration policy path This is a deprecated field. Any specified value is not saved and will be ignored. | string | Deprecated |
tunnel_subnets | Virtual Tunnel Interface (VTI) IP subnets Virtual tunnel interface (VTI) port IP subnets to be used to configure route-based L3Vpn session. A max of one tunnel subnet is allowed. | array of TunnelSubnet | Required Minimum items: 1 Maximum items: 1 |
ServerAuthType (schema) (Deprecated)
server authentication mode
Server authentication could be REQUIRED or IGNORE, it is used to specify
if the server certificate presented to the load balancer during handshake
should be actually validated or not. Validation is disabled by default.
If validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.
Name | Description | Type | Notes |
---|---|---|---|
ServerAuthType | server authentication mode Server authentication could be REQUIRED or IGNORE, it is used to specify if the server certificate presented to the load balancer during handshake should be actually validated or not. Validation is disabled by default. If validation is REQUIRED, then to be accepted, server certificate must be signed by one of the trusted CAs whose self signed certificates are specified in the same server-side SSL profile binding. | string | Deprecated Enum: REQUIRED, IGNORE |
ServerSslProfileBinding (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
certificate_chain_depth | the maximum traversal depth of server certificate chain authentication depth is used to set the verification depth in the server certificates chain. | integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
client_certificate_id | client certificate identifier To support client authentication (load balancer acting as a client authenticating to the backend server), client certificate can be specified in the server-side SSL profile binding | string | |
server_auth | server authentication mode | ServerAuthType | Default: "IGNORE" |
server_auth_ca_ids | CA identifier list to verify server certificate If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. | array of string | |
server_auth_crl_ids | CRL identifier list to verify server certificate A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates. | array of string | |
ssl_profile_id | server SSL profile identifier Server SSL profile defines reusable, application-independent server side SSL properties. | string | |
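An added example (not part of the NSX API or its documentation) that audits a ServerSslProfileBinding object for the conditions the two schemas above describe: validation left at the IGNORE default, REQUIRED with no trusted CA listed, no CRL configured, and a chain depth outside the documented range. The finding codes and the sample bindings with their identifiers are constructed for this example.

```python
# Defaults and limits as documented in the ServerSslProfileBinding table.
SCHEMA_DEFAULTS = {"server_auth": "IGNORE", "certificate_chain_depth": 3}
MAX_CHAIN_DEPTH = 2147483647


def audit_server_ssl_binding(binding):
    """Return a list of (code, message) findings for one binding dict.

    Fields missing from the dict take the schema defaults, so an object
    that never sets server_auth is reported as unvalidated.
    """
    cfg = {**SCHEMA_DEFAULTS, **binding}
    mode = cfg["server_auth"]
    ca_ids = cfg.get("server_auth_ca_ids") or []
    crl_ids = cfg.get("server_auth_crl_ids") or []
    depth = cfg["certificate_chain_depth"]
    findings = []

    if mode == "IGNORE":
        findings.append(("NO_VALIDATION",
                         "server_auth is IGNORE: the backend server "
                         "certificate is not validated"))
        if ca_ids or crl_ids:
            findings.append(("UNUSED_TRUST_CONFIG",
                             "CA/CRL ids are configured but validation "
                             "is disabled"))
    elif mode == "REQUIRED":
        if not ca_ids:
            findings.append(("NO_TRUSTED_CA",
                             "server_auth is REQUIRED but "
                             "server_auth_ca_ids is empty"))
        if not crl_ids:
            findings.append(("NO_CRL",
                             "no server_auth_crl_ids: compromised server "
                             "certificates are not disallowed"))
    else:
        findings.append(("BAD_MODE",
                         f"{mode!r} is not a ServerAuthType value"))

    if not (isinstance(depth, int) and 1 <= depth <= MAX_CHAIN_DEPTH):
        findings.append(("BAD_CHAIN_DEPTH",
                         f"certificate_chain_depth {depth!r} is outside "
                         f"1..{MAX_CHAIN_DEPTH}"))
    return findings


def finding_codes(binding):
    """Convenience wrapper returning only the finding codes."""
    return [code for code, _ in audit_server_ssl_binding(binding)]


# Constructed sample bindings; every identifier is a placeholder.
DEFAULT_BINDING = {"ssl_profile_id": "example-ssl-profile"}
IGNORED_TRUST_BINDING = {"server_auth": "IGNORE",
                         "server_auth_ca_ids": ["example-ca"]}
REQUIRED_NO_CA_BINDING = {"server_auth": "REQUIRED"}
VALIDATING_BINDING = {"server_auth": "REQUIRED",
                      "server_auth_ca_ids": ["example-ca"],
                      "server_auth_crl_ids": ["example-crl"],
                      "certificate_chain_depth": 3}

if __name__ == "__main__":
    samples = {"default": DEFAULT_BINDING,
               "ignored trust": IGNORED_TRUST_BINDING,
               "required, no CA": REQUIRED_NO_CA_BINDING,
               "validating": VALIDATING_BINDING}
    for name, binding in samples.items():
        print(name, finding_codes(binding) or "OK")
```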
SnatTranslationType (schema) (Deprecated)
Snat translation type
Load balancers may need to perform SNAT to ensure reverse traffic from
the server can be received and processed by them.
There are two modes:
LbSnatAutoMap uses the load balancer interface IP and an
ephemeral port as the source IP and port of the server side connection.
LbSnatIpPool allows user to specify one or more IP addresses
along with their subnet masks that should be used for SNAT while
connecting to any of the servers in the pool.
Name | Description | Type | Notes |
---|---|---|---|
SnatTranslationType | Snat translation type Load balancers may need to perform SNAT to ensure reverse traffic from the server can be received and processed by them. There are two modes: LbSnatAutoMap uses the load balancer interface IP and an ephemeral port as the source IP and port of the server side connection. LbSnatIpPool allows user to specify one or more IP addresses along with their subnet masks that should be used for SNAT while connecting to any of the servers in the pool. | string | Deprecated Enum: LbSnatAutoMap, LbSnatIpPool |
Snmpv3User (schema) (Deprecated)
SNMP v3 user
This object contains properties for a SNMP v3 user that can be used to receive SNMP traps/notifications from NSX and/or poll NSX nodes over SNMP.
Name | Description | Type | Notes |
---|---|---|---|
access | Type of access Access permissions for polling NSX nodes over SNMP v3. | string | Enum: READ_ONLY Default: "READ_ONLY" |
auth_password | Authentication password Authentication password used for SNMP v3 communication. This field is required when adding a user. When updating a user, do not include this field in the request. If this field is present in an update request, it will be considered as a new value for authentication password. | secure_string | |
priv_password | Privacy password Privacy password used for SNMP v3 communication. This field is required when adding a user. When updating a user, do not include this field in the request. If this field is present in an update request, it will be considered as a new value for privacy password. | secure_string | |
security_level | Security level Security level indicates whether SNMP communication involves authentication and privacy protocols for this user. Value "AUTH_PRIV" indicates both authentication and privacy protocols will be used for SNMP communication. | string | Enum: AUTH_PRIV Default: "AUTH_PRIV" |
user_id | User ID Unique SNMP v3 user id. | string | Required Minimum length: 1 Maximum length: 32 |
SpoofGuardSwitchingProfile (schema) (Deprecated)
SpoofGuard configuration
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value SpoofGuardSwitchingProfile | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
white_list_providers | List of providers for white listed address bindings. | array of WhiteListProvisionType | Required |
SslCipher (schema) (Deprecated)
SSL cipher
ECDH ciphers and 3DES ciphers are not supported because they are not supported
by OpenSSL 3.0.
Deprecated ciphers which do not comply with OpenSSL 3.0:
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Name | Description | Type | Notes |
---|---|---|---|
SslCipher | SSL cipher ECDH ciphers and 3DES ciphers are not supported because they are not supported by OpenSSL 3.0. Deprecated ciphers which do not comply with OpenSSL 3.0: - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | string | Deprecated Enum: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
SslCipherGroup (schema) (Deprecated)
SSL cipher group
SslCipherGroup can be configured in LB SSL profiles.
The BALANCED SSL profile supports a mix of SSL protocols and ciphers to
offer a perfect mix of performance and security to clients/servers.
The HIGH_SECURITY SSL profile supports the highest-secured SSL protocols
and ciphers to offer the most secured access to clients/servers.
The HIGH_COMPATIBILITY SSL profile supports a large range of SSL protocols
and ciphers to offer access to the widest range of clients/servers.
Name | Description | Type | Notes |
---|---|---|---|
SslCipherGroup | SSL cipher group SslCipherGroup can be configured in LB SSL profiles. The BALANCED SSL profile supports a mix of SSL protocols and ciphers to offer a perfect mix of performance and security to clients/servers. The HIGH_SECURITY SSL profile supports the highest-secured SSL protocols and ciphers to offer the most secured access to clients/servers. The HIGH_COMPATIBILITY SSL profile supports a large range of SSL protocols and ciphers to offer access to the widest range of clients/servers. | string | Deprecated Enum: BALANCED, HIGH_SECURITY, HIGH_COMPATIBILITY, CUSTOM |
SslProtocol (schema) (Deprecated)
SSL protocol
Only TLS_V1_2 is supported.
Deprecated protocols which do not comply with OpenSSL 3.0:
- SSL_V2
- SSL_V3
- TLS_V1
- TLS_V1_1
Name | Description | Type | Notes |
---|---|---|---|
SslProtocol | SSL protocol Only TLS_V1_2 is supported. Deprecated protocols which do not comply with OpenSSL 3.0: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1 | string | Deprecated Enum: SSL_V2, SSL_V3, TLS_V1, TLS_V1_1, TLS_V1_2 |
StandbyRelocationConfig (schema) (Deprecated)
Standby service contexts relocation setting
Name | Description | Type | Notes |
---|---|---|---|
standby_relocation_threshold | Standby service context relocation wait time The time interval (in minutes) to wait before starting the standby service context relocation process. In some cases, the standby relocation trigger may take more time than what is set in the threshold, for the reasons listed below. A. The standby relocation process runs as a background task which polls edge clusters at a pre-defined interval of 5 minutes to check for standby relocation. If during one cycle of standby relocation an edge is found to be down, and the time remaining to threshold expiry is less than 5 minutes (for example 2 minutes), then this relocation will be picked up in the next cycle of standby relocation after 5 minutes, and not after 2 minutes. B. If an edge goes down at time X, the edge might take a few seconds or minutes for all services to completely go down and report that they are down. So the actual time when the unified appliance knows the edge is down may be X + delta. This delta time adds to the actual standby relocation threshold expiry, and once the [standby relocation threshold time + delta time] is complete for an edge node, and the edge is still down, then the standby relocation task will be performed for this edge node in the next cycle, which may be due to run anytime within the next 5 minutes. | integer | Minimum: 10 Maximum: 20000 Default: "30" |
StaticIpListSpec (schema) (Deprecated)
IP assignment specification for Static IP List.
Name | Description | Type | Notes |
---|---|---|---|
default_gateway | Gateway IP | IPAddress | Required |
ip_list | List of IPs for transport node host switch virtual tunnel endpoints | array of IPAddress | Required Maximum items: 32 |
resource_type | Must be set to the value StaticIpListSpec | string | Required Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec, NoIpv4 |
subnet_mask | Subnet mask | IPAddress | Required |
StaticIpMacListSpec (schema) (Deprecated)
IP and MAC assignment specification for Static IP List.
Name | Description | Type | Notes |
---|---|---|---|
default_gateway | Gateway IP | IPAddress | Required |
ip_mac_list | List of IPs and MACs for transport node host switch virtual tunnel endpoints | array of IpMacPair | Required Maximum items: 32 |
resource_type | Must be set to the value StaticIpMacListSpec | string | Required Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec, NoIpv4 |
subnet_mask | Subnet mask | IPAddress | Required |
StaticIpPoolSpec (schema) (Deprecated)
IP assignment specification for Static IP Pool.
Name | Description | Type | Notes |
---|---|---|---|
ip_pool_id | | string | Required |
resource_type | Must be set to the value StaticIpPoolSpec | string | Required Enum: StaticIpPoolSpec, StaticIpListSpec, AssignedByDhcp, StaticIpMacListSpec, NoIpv4 |
SwitchSecuritySwitchingProfile (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
block_non_ip_traffic | A flag to block all traffic except IP/(G)ARP/BPDU | boolean | Default: "False" |
bpdu_filter | Enables or disables BPDU filtering BPDU filtering is enabled by default. A pre-defined list of MAC addresses are automatically excluded from BPDU filtering. | BpduFilter | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
dhcp_filter | Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default | DhcpFilter | |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
ra_guard_enabled | Indicates whether ra guard should be enabled RA Guard when enabled blocks unauthorized/rogue Router Advertisement (RA) packets. | boolean | Default: "True" |
rate_limits | Allows configuration of rate limits for broadcast and multicast traffic Rate limiting is disabled by default | RateLimits | |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value SwitchSecuritySwitchingProfile | string | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
SwitchingProfileDeleteParameters (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
unbind | force unbinding of logical switches and ports from a switching profile | boolean | Default: "False" |
SwitchingProfileListParameters (schema) (Deprecated)
Switching profile list parameters
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
include_system_owned | Whether the list result contains system resources | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
switching_profile_type | comma-separated list of switching profile types, e.g. ?switching_profile_type=QosSwitchingProfile,IpDiscoverySwitchingProfile | string |
SwitchingProfileStatus (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
num_logical_ports | Number of logical ports using a switching profile | integer | Required Readonly |
num_logical_switches | Number of logical switches using a switching profile | integer | Readonly |
switching_profile_id | Identifier for the switching profile | string |
SwitchingProfileType (schema) (Deprecated)
Supported switching profiles.
'PortMirroringSwitchingProfile' is deprecated, please turn to
"Troubleshooting And Monitoring: Portmirroring" and use
PortMirroringSession API for port mirror function.
Name | Description | Type | Notes |
---|---|---|---|
SwitchingProfileType | Supported switching profiles. 'PortMirroringSwitchingProfile' is deprecated, please turn to "Troubleshooting And Monitoring: Portmirroring" and use PortMirroringSession API for port mirror function. | string | Deprecated Enum: QosSwitchingProfile, PortMirroringSwitchingProfile, IpDiscoverySwitchingProfile, SpoofGuardSwitchingProfile, SwitchSecuritySwitchingProfile, MacManagementSwitchingProfile, RealTimeEthernetSwitchingProfile |
SwitchingProfileTypeIdEntry (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
key | | SwitchingProfileType | |
value | key value | string | Required |
SwitchingProfilesListResult (schema) (Deprecated)
Switching Profile queries result
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Switching Profile Results | array of BaseSwitchingProfile (Abstract type: pass one of the following concrete types) IpDiscoverySwitchingProfile MacManagementSwitchingProfile QosSwitchingProfile SpoofGuardSwitchingProfile SwitchSecuritySwitchingProfile | Required Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
TeamingPolicy (schema) (Deprecated)
Uplink Teaming Policy
Name | Description | Type | Notes |
---|---|---|---|
active_list | List of Uplinks used in active list | array of Uplink | Required |
policy | Teaming policy | string | Required Enum: FAILOVER_ORDER, LOADBALANCE_SRCID, LOADBALANCE_SRC_MAC |
rolling_order | Flag for preemptive mode | boolean | |
standby_list | List of Uplinks used in standby list | array of Uplink |
TransportNodeDeleteParameters (schema) (Deprecated)
Parameters that affect how delete operations are processed
Name | Description | Type | Notes |
---|---|---|---|
force | Force delete the resource even if it is being used somewhere If true, deleting the resource succeeds even if it is being referred as a resource reference. | boolean | Default: "False" |
unprepare_host | Uninstall NSX components from host while deleting | boolean | Default: "True" |
TransportNodeDeploymentProgressState (schema) (Deprecated)
Deployment progress of transport node
Deployment progress state of transport node. Object has current deployment step title and progress in percentage.
Name | Description | Type | Notes |
---|---|---|---|
current_step_title | Deployment step title | string | Readonly |
progress | Percentage of deployment completed | integer | Readonly |
TransportNodeMemberInfo (schema) (Deprecated)
Information about participating transport nodes
Name | Description | Type | Notes |
---|---|---|---|
compute_collection_id | Id of the compute collection to which this transport node belongs. Empty if this is standalone transport node or non ESX type node. | string | Readonly |
host_switches | List of host switches using the transport zone | array of HostSwitchInfo | Readonly |
transport_node_display_name | Display name of the transport node which has one or more host switches which belong to associated transport zone. | string | Readonly |
transport_node_id | Id of the transport node which has one or more host switches which belong to associated transport zone. | string | Required Readonly |
TransportNodeProfile (schema) (Deprecated)
Transport Node Profile
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
host_switch_spec | Transport node host switch specification The HostSwitchSpec is the base class for standard and preconfigured host switch specifications. Only standard host switches are supported in the transport node profile. | HostSwitchSpec (Abstract type: pass one of the following concrete types) PreconfiguredHostSwitchSpec StandardHostSwitchSpec | |
id | Unique identifier of this resource | string | Sortable |
ignore_overridden_hosts | Determines if cluster-level configuration should be applied on overridden hosts Transport Node Profiles specify the configuration that is applied to all hosts in a cluster. The user has the ability to update the configuration on individual hosts within a cluster, which will cause the host configuration to differ from the Transport Node Profile and results in the host being marked as overridden. If a Transport Node Profile is edited or a new Transport Node Profile is applied on a Transport Node Collection, by default, the host configuration will be overwritten with the Transport Node Profile configuration and the overridden flag will be reset to false. This flag should be used when hosts that are set as overridden should not adopt the Transport Node Profile configuration when it is being updated or a new one is applied to the Transport Node Collection. In other words, when this flag is set to the default value of false and configuration is applied at the cluster level, the configuration will be applied on all hosts regardless of whether they are overridden or not. When this flag is set to true, all hosts that are set as overridden, i.e., have been updated individually, will be ignored and the cluster-level configuration will not be applied. Note, Transport Node Profiles can be applied on multiple clusters. This field will dictate the behavior followed by all clusters using this Transport Node Profile. | boolean | Default: "False" |
resource_type | Must be set to the value TransportNodeProfile | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
TransportNodeProfileListResult (schema) (Deprecated)
Transport Node Profile queries result
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | TransportNodeProfile Results | array of TransportNodeProfile | Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
TransportNodeUpdateParameters (schema) (Deprecated)
Transport node update parameters
Transport node update parameters are mainly used for migrating ESX VMkernel (vmk) interfaces and VM NICs into or out of logical switches. The 'esx_mgmt_if_migration_dest' and 'if_id' must be used as a pair to migrate vmk interfaces; they cannot be used to migrate VM NICs. NSX manager will auto-create logical ports and vif ids for the vmk interfaces when they are used to migrate vmks into logical switches. The 'vnic' and 'vnic_migration_dest' must also be used as a pair; they can be used to migrate both vmk interfaces and VM NICs. When they are used to migrate interfaces into logical switches, logical ports and vif ids must be created in advance because 'vnic_migration_dest' must contain existing vif ids. These two pairs cannot be specified together.
Name | Description | Type | Notes |
---|---|---|---|
esx_mgmt_if_migration_dest | The network ids to which the ESX vmk interfaces will be migrated A comma separated list of network ids. When migrating vmks into logical switches, the ids are the logical switches' ids. When migrating out of logical switches, the ids are vSphere Standard Switch portgroup names in a single vSphere Standard Switch, or distributed virtual portgroup names in a single distributed virtual switch (DVS). This property can only be used together with 'if_id'. | string | |
if_id | The ESX vmk interfaces to migrate A comma separated list of vmk interfaces (for example, vmk0,vmk1). This property can only be used along with 'esx_mgmt_if_migration_dest'. If all vmk interfaces will be migrated into the same logical switch or DV portgroup, the 'esx_mgmt_if_migration_dest' can be just one logical switch id or DV portgroup name. Otherwise the number of vmks in this list must equal the number of ids in the 'esx_mgmt_if_migration_dest' list, and the order of the two lists is important because the vmks match the network ids one by one in the same order. | string | |
override_nsx_ownership | Override NSX Ownership Flag indicating whether the NSX ownership constraints (on Managed Objects like Host/Cluster/DVS) should be overridden/bypassed. Note: Overriding/bypassing NSX ownership constraints is not recommended at all. It indicates that you want to use/configure/own certain Managed Objects (like Cluster, Host or DVS) which seem to be already in use/configured/owned by some other NSX instance. This option should be used with caution. It should only be used to come out of situations where: a. The other NSX instance no longer intends to use the Managed Objects (and has already unconfigured NSX configurations) but the ownership still lies with it (incorrectly) and you want those Managed Objects to be used/configured/owned by this NSX instance. b. The other NSX instance has crashed or been decommissioned but the ownership still lies with it and you want those Managed Objects to be used/configured/owned by this NSX instance. Enabling this option, while the Managed Objects affected by this operation are actively used by the other NSX instance, can lead to problematic states on both the NSX instances. For example, if a TN is forcefully reconfigured by this NSX instance (using override_nsx_ownership=true), while it was already configured and in use by the other NSX instance, it could corrupt the HostSwitch configurations pushed down by the other NSX instance. | boolean | Default: "False" |
ping_ip | IP Addresses to ping right after ESX vmk interfaces were migrated. A comma separated list of IP addresses that match the vmk interfaces given in property 'if_id' or 'vnic' one-by-one in the same order. '0.0.0.0' is a special IP that indicates the pre-migration gateway of the vmk will be pinged post-migration. If a VMK does not need the ping ip or a VM NIC is given inside 'vnic', the ping ip must be skipped but the comma has to stay. For example, '0.0.0.0,,10.1.1.1' indicates the vmk or VM NIC at the 2nd position does not need ping post-migration. Right after all ESX vmk interfaces are migrated, ping packets will be sent through each vmk to its given ping_ip to check if the migration will break the network connectivity or not. If any vmk_ping fails, the whole migration of all vmks will be rolled back and transport-node will be in failed state. | string | |
skip_validation | Whether to skip front-end validation for vmk/vnic/pnic migration If this property is set true, all front-end validation for vmk, vnic, and/or pnic migration will be skipped. This is useful when the remote host becomes unreachable as a result of a migration; in which case the front-end validation will always fail because data from the remote host is no longer available. Skipping the validation will allow user to undo the migration by updating the transport node first and then restoring the host network connectivity. | boolean | Default: "False" |
vnic | The ESX vmk interfaces and/or VM NIC to migrate A comma separated list of vmk interfaces and/or one VM NIC. Only one VM NIC is allowed in the list; the format must be vmInstanceUuid:DeviceId like '50ca5f2d-1fa2-432d-991e-f01e0e16d182:4000'. An example list is 'vmk0,vmk1,50ca5f2d-1fa2-432d-991e-f01e0e16d182:4000'. The property can only be used along with 'vnic_migration_dest'. | string | |
vnic_migration_dest | The migration destinations of ESX vmk interfaces and/or VM NIC A comma separated list of vif ids, or port group names. When migrating into logical switches, the ids are vif ids in the logical ports created in the logical switches. When migrating out of logical switches, the ids are vSphere Standard Switch portgroup names in a single vSphere Standard Switch, or distributed virtual portgroup names in a single distributed virtual switch (DVS). The property can only be used in combination with property 'vnic'. The number of vnic interfaces in 'vnic' must equal the number of vif ids or port-group names in this list. The items in the two lists match by order. | string | |
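The pairing, ordering and ping_ip position rules described for TransportNodeUpdateParameters can be checked before a request is sent. The following is an added example, not part of the NSX documentation or of any VMware tooling: the function `check_update_params`, the dict-of-parameters input with Python booleans, the `vmk<N>` name pattern, the numeric DeviceId and the sample destination ids are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: vmk interfaces are named vmk<N>, as in the page's "vmk0,vmk1".
VMK_RE = re.compile(r"^vmk\d+$")
# vmInstanceUuid:DeviceId, e.g. 50ca5f2d-1fa2-432d-991e-f01e0e16d182:4000
# (assumption: DeviceId is numeric, as in that example).
VM_NIC_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:\d+$")


def _split(value):
    """Split a comma separated property, keeping empty positions."""
    return [item.strip() for item in value.split(",")]


def check_update_params(params):
    """Check a dict of TransportNodeUpdateParameters; return (errors, warnings)."""
    errors, warnings = [], []
    if_id = params.get("if_id")
    mgmt_dest = params.get("esx_mgmt_if_migration_dest")
    vnic = params.get("vnic")
    vnic_dest = params.get("vnic_migration_dest")

    # Each property is only valid together with its partner.
    if (if_id is None) != (mgmt_dest is None):
        errors.append("'if_id' and 'esx_mgmt_if_migration_dest' must be used as a pair")
    if (vnic is None) != (vnic_dest is None):
        errors.append("'vnic' and 'vnic_migration_dest' must be used as a pair")
    vmk_pair = if_id is not None or mgmt_dest is not None
    vnic_pair = vnic is not None or vnic_dest is not None
    if vmk_pair and vnic_pair:
        errors.append("the vmk pair and the vnic pair cannot be specified together")

    interfaces = []
    if if_id is not None:
        interfaces = _split(if_id)
        for name in interfaces:
            if not VMK_RE.match(name):
                errors.append(f"'if_id' entry {name!r} is not a vmk interface")
        if mgmt_dest is not None:
            # One destination may serve all vmks; otherwise counts must match.
            if len(_split(mgmt_dest)) not in (1, len(interfaces)):
                errors.append("'esx_mgmt_if_migration_dest' needs 1 id or one id per vmk")
    elif vnic is not None:
        interfaces = _split(vnic)
        for name in interfaces:
            if not (VMK_RE.match(name) or VM_NIC_RE.match(name)):
                errors.append(f"'vnic' entry {name!r} is neither vmk nor vmInstanceUuid:DeviceId")
        if sum(1 for n in interfaces if VM_NIC_RE.match(n)) > 1:
            errors.append("'vnic' allows only one VM NIC")
        if vnic_dest is not None and len(_split(vnic_dest)) != len(interfaces):
            errors.append("'vnic_migration_dest' needs one entry per 'vnic' entry")

    ping_ip = params.get("ping_ip")
    if ping_ip is not None:
        pings = _split(ping_ip)
        # Reading of the page: positions match interfaces, empty ones keep the comma.
        if interfaces and len(pings) != len(interfaces):
            errors.append("'ping_ip' needs one position per interface")
        for pos, ip in enumerate(pings):
            if ip == "":
                continue  # skipped position: no ping for this interface
            name = interfaces[pos] if pos < len(interfaces) else None
            if name is not None and VM_NIC_RE.match(name):
                errors.append(f"'ping_ip' position {pos + 1} must be empty: it is a VM NIC")
                continue
            try:
                ipaddress.ip_address(ip)  # '0.0.0.0' means pre-migration gateway
            except ValueError:
                errors.append(f"'ping_ip' position {pos + 1} is not an IP address: {ip!r}")

    # Flags that weaken safeguards are surfaced for human review, not rejected.
    if params.get("override_nsx_ownership"):
        warnings.append("override_nsx_ownership bypasses NSX ownership constraints")
    if params.get("skip_validation"):
        warnings.append("skip_validation disables front-end migration validation")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample: the page's example lists combined in one request.
    sample = {
        "vnic": "vmk0,vmk1,50ca5f2d-1fa2-432d-991e-f01e0e16d182:4000",
        "vnic_migration_dest": "vif-a,vif-b,vif-c",  # constructed vif ids
        "ping_ip": "0.0.0.0,,10.1.1.1",
        "skip_validation": True,
    }
    errs, warns = check_update_params(sample)
    for line in errs:
        print("ERROR:", line)
    for line in warns:
        print("WARN:", line)
```

The constructed sample fails because the ping address at position 3 lines up with the VM NIC; moving the empty position to the end ('0.0.0.0,10.1.1.1,') passes the check.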
TransportType (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
TransportType | | string | Deprecated Enum: OVERLAY, VLAN |
TransportZone (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
authorized_vlans | Authorized VLAN ids for this TransportZone This field lists vlan ids allowed on logical network entities, e.g. Segments, bridges, etc. created under this transport zone. Can be empty, a VLAN id or a range of VLAN ids specified with '-' in between. An empty list allows all vlan ids. | array of string | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
forwarding_mode | The forwarding mode of this transport zone. | ForwardingMode | |
id | Unique identifier of this resource | string | Sortable |
is_default | Flag to indicate if the transport zone is the default one. Only one transport zone can be the default one for a given transport zone type. APIs that need transport zone can choose to use the default transport zone if a transport zone is not given. | boolean | Default: "False" |
nested_nsx | Flag to indicate if all transport nodes in this transport zone are connected through nested NSX. This flag should be set to true in a nested NSX environment. When the "allow_changing_vdr_mac_in_use" property in the global config object RoutingGlobalConfig is false, this flag cannot be changed if this transport zone is OVERLAY and the change would cause any transport node in this transport zone to change the VDR MAC used in any host switch. When this flag is true and this transport zone is OVERLAY, all host switches in this transport zone will use the VDR MAC in the "vdr_mac_nested" property in the global config object RoutingGlobalConfig. | boolean | Default: "False" |
origin_id | The host switch id generated by the system. This field is populated only if the transport zone was created by NSX system to support security on vSphere Distributed Switch (vDS). The origin_id will refer to the identifier of the corresponding vDS from its parent vCenter server. | string | Readonly |
resource_type | Must be set to the value TransportZone | string | |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
transport_type | The transport type of this transport zone. | TransportType | Required |
transport_zone_profile_ids | Identifiers of the transport zone profiles associated with this TransportZone. | array of TransportZoneProfileTypeIdEntry | |
uplink_teaming_policy_names | Names of the switching uplink teaming policies that are supported by this transport zone. The names of switching uplink teaming policies that all transport nodes in this transport zone must support. An exception will be thrown if a transport node within the transport zone does not support a named teaming policy. The user will need to first ensure all transport nodes support the desired named teaming policy before assigning it to the transport zone. If the field is not specified, the host switch's default teaming policy will be used. | array of string |
TransportZoneEndPoint (schema) (Deprecated)
This object associates TransportNode to a certain TransportZone
Specify which HostSwitch from this TransportNode is used to handle traffic for the given TransportZone
Name | Description | Type | Notes |
---|---|---|---|
transport_zone_id | Unique ID identifying the transport zone for this endpoint For MP APIs provide UUID of transport zone. For Policy APIs provide policyPath of transport zone. | string | Required |
transport_zone_profile_ids | Identifiers of the transport zone profiles associated with this transport zone endpoint on this transport node. For MP APIs provide UUID of transport zone profiles. For Policy APIs provide policyPath of transport zone profiles. | array of TransportZoneProfileTypeIdEntry |
TransportZoneListParameters (schema) (Deprecated)
Transport Zone list parameters
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
display_name | The transport zone's display name If set, all transport zones with matching display name will be returned. | string | |
include_system_owned | Filter to indicate whether to include system owned Transport Zones. | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
is_default | Filter to choose if default transport zones will be returned If set to true, only the default transport zones will be returned. If set to false, all transport zones except the default ones will be returned. If unset, all transport zones will be returned. | boolean | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
transport_type | Filter to choose the type of transport zones to return If set, only transport zones of the given type will be returned; otherwise transport zones of all types will be returned. | TransportType | |
uplink_teaming_policy_name | The transport zone's uplink teaming policy name If set, all transport zones with the specified uplink teaming policy name will be returned. Otherwise, transport zones with any uplink teaming policy will be returned. | string |
TransportZoneListResult (schema) (Deprecated)
Transport zone queries result
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Transport Zone Results | array of TransportZone | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
TransportZoneProfile (schema) (Deprecated)
This is an abstract type. Concrete child types:
BfdHealthMonitoringProfile
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
resource_type | Must be set to the value TransportZoneProfile | string | Required Enum: BfdHealthMonitoringProfile |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
TransportZoneProfileListParameters (schema) (Deprecated)
Transport zone profile list parameters
Name | Description | Type | Notes |
---|---|---|---|
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
include_system_owned | Whether the list result contains system resources | boolean | Default: "False" |
included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
resource_type | comma-separated list of transport zone profile types, e.g. ?resource_type=BfdHealthMonitoringProfile | string | |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string |
TransportZoneProfileListResult (schema) (Deprecated)
Transport zone profile queries result
Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Transport zone profile results | array of TransportZoneProfile (Abstract type: pass one of the following concrete types) BfdHealthMonitoringProfile | Required Readonly |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
TransportZoneProfileType (schema) (Deprecated)
Supported transport zone profiles.
Name | Description | Type | Notes |
---|---|---|---|
TransportZoneProfileType | Supported transport zone profiles. | string | Deprecated Enum: BfdHealthMonitoringProfile |
TransportZoneProfileTypeIdEntry (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
profile_id | profile id of the resource type | string | Required |
resource_type | Selects the type of the transport zone profile | TransportZoneProfileType |
TransportZoneStatus (schema) (Deprecated)
Transport zone runtime status information
Name | Description | Type | Notes |
---|---|---|---|
num_logical_ports | Count of logical ports in the transport zone | int | Required Readonly |
num_logical_switches | Count of logical switches in the transport zone | int | Required Readonly |
num_transport_nodes | Count of transport nodes in the transport zone | int | Required Readonly |
transport_node_members | Information about transport nodes which are part of this transport zone | array of TransportNodeMemberInfo | Readonly |
transport_zone_id | Unique ID identifying the transport zone | string | Required Readonly |
TrunkVlanRange (schema) (Deprecated)
Trunk VLAN id range
Name | Description | Type | Notes |
---|---|---|---|
end | | VlanID | Required |
start | | VlanID | Required |
TunnelSubnet (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
ip_addresses | Subnet ip addresses | array of IPv4Address | Required Minimum items: 1 Maximum items: 1 |
prefix_length | Subnet Prefix Length | integer | Required Minimum: 1 Maximum: 31 |
UplinkHostSwitchProfile (schema) (Deprecated)
Profile for uplink policies
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set | string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
lags | list of LACP group | array of Lag | Maximum items: 64 |
mtu | Maximum Transmission Unit used for uplinks | int | Minimum: 1280 |
named_teamings | List of named uplink teaming policies that can be used by logical switches | array of NamedTeamingPolicy | Maximum items: 32 |
overlay_encap | The protocol used to encapsulate overlay traffic | string | Enum: VXLAN, GENEVE Default: "GENEVE" |
required_capabilities | | array of string | Readonly |
resource_type | Must be set to the value UplinkHostSwitchProfile | HostSwitchProfileType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
teaming | Default TeamingPolicy associated with this UplinkProfile | TeamingPolicy | Required |
transport_vlan | VLAN used for tagging Overlay traffic of associated HostSwitch | VlanID | Default: "0" |
VdsUplink (schema) (Deprecated)
VMware vSphere Distributed Switch (VDS) uplink/LAG mapping
If a Virtual Distributed Switch is used as a HostSwitch to configure a TransportNode or TransportNodeProfile, this mapping should be specified. You can use either vds_uplink_name or vds_lag_name to associate with uplink_name from the UplinkHostSwitch profile.
Name | Description | Type | Notes |
---|---|---|---|
uplink_name | Uplink name from UplinkHostSwitch profile This name is from UplinkHostSwitch profile that is associated with the HostSwitch specified in TransportNode or TransportNodeProfile configuration. This name will be used as an alias to either VDS uplink or lag in other configuration. | string | Required |
vds_lag_name | Link Aggregation Group (LAG) name of Virtual Distributed Switch LAG name that is connected to Physical NIC on a host from vSphere. | string | |
vds_uplink_name | Uplink name of VMware vSphere Distributed Switch (VDS) Uplink name of VDS that is connected to Physical NIC on a host from vSphere. | string |
VifAttachmentContext (schema) (Deprecated)
Name | Description | Type | Notes |
---|---|---|---|
allocate_addresses | A flag to indicate whether to allocate addresses from allocation pools bound to the parent logical switch. | string | Enum: IpPool, MacPool, Both, None, Dhcp, DhcpV6, SLAAC |
app_id | ID used to identify/look up a child VIF behind a parent VIF An application ID used to identify / look up a child VIF behind a parent VIF. Only effective when vif_type is CHILD. | string | |
bms_interface_config | Application interface configuration for Bare metal server Indicate application interface configuration for Bare Metal Server. Only effective when vif_type is INDEPENDENT. | AttachedInterface | |
parent_vif_id | VIF ID of the parent VIF if vif_type is CHILD | string | |
resource_type | Must be set to the value VifAttachmentContext | string | Required |
traffic_tag | Tag used for the traffic between this VIF and parent VIF Currently we use the VLAN id as the traffic tag. Only effective when vif_type is CHILD. Each logical port inside a container must have a unique traffic tag. If the traffic_tag is not unique, no error is generated, but traffic will not be delivered to any port with a non-unique tag. | int | |
transport_node_uuid | The UUID of the transport node Only effective when vif_type is INDEPENDENT. Each logical port inside a bare metal server or container must have a transport node UUID. We use transport node ID as transport node UUID. | string | |
vif_type | Type of the VIF attached to logical port | string | Required Enum: PARENT, CHILD, INDEPENDENT |
VlanTrunkSpec (schema) (Deprecated)
VLAN trunk range specification
VlanTrunkspec is used for specifying trunk VLAN id ranges.
Name | Description | Type | Notes |
---|---|---|---|
vlan_ranges | Trunk VLAN id ranges | array of TrunkVlanRange | Required |
VmknicNetwork (schema) (Deprecated)
Vmknic network specification
Mapping of all vmk interfaces to destination networks
Name | Description | Type | Notes |
---|---|---|---|
destination_network | The network id to which the ESX vmk interface will be migrated. When migrating vmks to N-VDS/logical switches, the id is the logical switch id. When migrating out of N-VDS/logical switches, the id is the vSphere Switch portgroup name in a single vSphere Standard Switch (VSS), or distributed virtual portgroup name in a single distributed virtual switch (DVS). | string | Required |
device_name | ESX vmk interface name The vmk interface name, e.g., vmk0, vmk1; the id assigned by vCenter. | string | Required |
WhiteListProvisionType (schema) (Deprecated)
Ways to provide white listed addresses for SpoofGuard
Name | Description | Type | Notes |
---|---|---|---|
WhiteListProvisionType | Ways to provide white listed addresses for SpoofGuard | string | Deprecated Enum: LPORT_BINDINGS |
XForwardedForType (schema) (Deprecated)
x-forwarded-for type
Name | Description | Type | Notes |
---|---|---|---|
XForwardedForType | x-forwarded-for type | string | Deprecated Enum: INSERT, REPLACE |