| Parameter |
Choices/Defaults |
Comments |
|
achieve_subresource_state_if_del_parent
boolean
|
|
Can be used to achieve the state of subresources even if the parent(base) resource's state is absent.
Can be specified for each subresource.
|
|
address_bindings
list
/ elements=dictionary
|
|
Address bindings for the Segment
|
|
ip_address
string
|
|
IP Address for port binding
|
|
mac_address
string
|
|
Mac address for port binding
|
|
vlan_id
integer
|
|
VLAN ID for port binding
|
|
admin_state
string
|
|
Represents Desired state of the Segment
|
|
advanced_config
dictionary
|
|
Advanced configuration for Segment.
|
|
address_pool_display_name
string
|
|
IP address pool display name
Either this or address_pool_id must be specified. If both are specified, address_pool_id takes precedence
|
|
address_pool_id
string
|
|
IP address pool ID
Either this or address_pool_display_name must be specified. If both are specified, address_pool_id takes precedence
|
|
connectivity
string
|
|
Connectivity configuration to manually connect (ON) or disconnect (OFF) a logical entity from network topology. Only valid for Tier1 Segment
|
|
hybrid
boolean
|
|
Flag to identify a hybrid logical switch
When set to true, all the ports created on this segment will behave in a hybrid fashion. The hybrid port indicates to NSX that the VM intends to operate in underlay mode, but retains the ability to forward egress traffic to the NSX overlay network. This property is only applicable for segment created with transport zone type OVERLAY_STANDARD. This property cannot be modified after segment is created.
|
|
local_egress
boolean
|
|
Flag to enable local egress
This property is used to enable proximity routing with local egress. When set to true, logical router interface (downlink) connecting Segment to Tier0/Tier1 gateway is configured with prefix-length 32.
|
|
local_egress_routing_policies
list
/ elements=dictionary
|
|
An ordered list of routing policies to forward traffic to the next hop.
|
|
|
nexthop_address
string
/ required
|
|
Next hop address for proximity routing
|
|
|
prefix_list_paths
list
/ elements=string / required
|
|
Policy path to prefix lists
max 1 element
The destination address of traffic matching a prefix-list is forwarded to the nexthop_address. Traffic matching a prefix list with Action DENY will be dropped. Individual prefix-lists specified could have different actions.
|
|
multicast
boolean
|
|
Enable multicast on the downlink
Enable multicast for a segment. Only applicable for segments connected to Tier0 gateway.
|
|
uplink_teaming_policy_name
string
|
|
Uplink Teaming Policy Name
The name of the switching uplink teaming policy for the Segment. This name corresponds to one of the switching uplink teaming policy names listed in TransportZone associated with the Segment. When this property is not specified, the segment will not have a teaming policy associated with it and the host switch's default teaming policy will be used by MP.
|
|
bridge_profiles
list
/ elements=dictionary
|
|
Bridge Profile Configuration
|
|
bridge_profile_path
string
/ required
|
|
Policy path to L2 Bridge profile
Same bridge profile can be configured on different segments. Each bridge profile on a segment must unique.
|
|
uplink_teaming_policy_name
string
|
|
Uplink Teaming Policy Name
The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one of the switching uplink teaming policy names listed in the transport zone. When this property is not specified, the teaming policy is assigned by MP.
|
|
vlan_ids
string
|
|
VLAN specification for bridge endpoint. Either VLAN ID or VLAN ranges can be specified. Not both.
|
|
vlan_transport_zone_path
string
/ required
|
|
Policy path to VLAN Transport Zone
VLAN transport zone should belong to the enforcment-point as the transport zone specified in the segment.
|
|
ca_path
string
|
|
Path to the CA bundle to be used to verify host's SSL certificate
|
|
connectivity_path
string
|
|
Policy path to the connecting Tier-0 or Tier-1. Valid only for segments created under Infra
|
|
create_or_update_subresource_first
boolean
|
|
Can be used to create subresources first.
Can be specified for each subresource.
|
|
delete_subresource_first
boolean
|
|
Can be used to delete subresources first.
Can be specified for each subresource.
|
|
description
string
|
|
Segment description.
|
|
dhcp_config_path
string
|
|
Policy path to DHCP configuration
Policy path to DHCP server or relay configuration to use for all IPv4 & IPv6 subnets configured on this segment.
|
|
display_name
string
|
|
Display name.
If resource ID is not specified, display_name will be used as ID.
|
|
do_wait_till_create
boolean
|
|
Can be used to wait for the realization of subresource before the request to create the next resource is sent to the Manager.
Can be specified for each subresource.
|
|
domain_name
string
|
|
Domain name associated with the Policy Segment.
|
|
enforcementpoint_id
string
|
Default:
"default"
|
The EnforcementPoint ID where the TZ is located. Required if transport_zone_id is specified.
|
|
extra_configs
list
/ elements=dictionary
|
|
Extra configs on Segment
This property could be used for vendor specific configuration in key value string pairs, the setting in extra_configs will be automatically inheritted by segment ports in the Segment.
|
|
config_pair
dictionary
/ required
|
|
Key value pair in string for the configuration
|
|
|
key
string
/ required
|
|
Key
|
|
|
value
string
/ required
|
|
Value
|
|
hostname
string
/ required
|
|
Deployed NSX manager hostname.
|
|
id
string
|
|
The id of the Policy Segment.
|
|
l2_extension
dictionary
|
|
Configuration for extending Segment through L2 VPN
|
|
l2vpn_paths
list
/ elements=string
|
|
Policy paths corresponding to the associated L2 VPN sessions
|
|
local_egress
dictionary
|
|
Local Egress
|
|
|
optimized_ips
list
/ elements=string
|
|
Gateway IP for Local Egress. Local egress is enabled only when this list is not empty
|
|
tunnel_id
integer
|
|
Tunnel ID
|
|
mac_pool_id
string
|
|
Allocation mac pool associated with the Segment
|
|
metadata_proxy_paths
list
/ elements=string
|
|
Metadata Proxy Configuration Paths
|
|
nsx_cert_path
string
|
|
Path to the certificate created for the Principal Identity using which the CRUD operations should be performed
|
|
nsx_key_path
string
|
|
Path to the certificate key created for the Principal Identity using which the CRUD operations should be performed
Must be specified if nsx_cert_path is specified
|
|
overlay_id
integer
|
|
Overlay connectivity ID for this Segment
Used for overlay connectivity of segments. The overlay_id should be allocated from the pool as definied by enforcement-point. If not provided, it is auto-allocated from the default pool on the enforcement-point
|
|
password
string
|
|
The password to authenticate with the NSX manager.
Must be specified if username is specified
|
|
replication_mode
string
|
|
Replication mode of the Segment
|
|
request_headers
dictionary
|
|
HTTP request headers to be sent to the host while making any request
|
|
segment_ports
list
|
|
Add the Segment Ports to be create, updated, or deleted in this section
|
|
address_bindings
list
/ elements=dictionary
|
|
Static address binding used for the port.
|
|
attachment
dictionary
|
|
VIF attachment.
|
|
|
allocate_addresses
string
|
Choices:
- IP_POOL
- MAC_POOL
- BOTH
- NONE
|
Indicate how IP will be allocated for the port.
|
|
|
app_id
string
|
|
ID used to identify/look up a child attachment behind a parent attachment.
|
|
|
context_id
string
|
|
Parent VIF ID if type is CHILD, Transport node ID if type is INDEPENDENT.
|
|
|
id
string
|
|
VIF UUID on NSX Manager.
|
|
|
traffic_tag
integer
|
|
VLAN ID
Not valid when type is INDEPENDENT, mainly used to identify traffic from different ports in container use case
|
|
|
type
string
|
Choices:
- PARENT
- CHILD
- INDEPENDENT
|
Type of port attachment.
|
|
description
string
|
|
Segment description.
|
|
display_name
string
|
|
Segment Port display name.
Either this or id must be specified. If both are specified, id takes precedence.
|
|
do_wait_till_create
boolean
|
|
Can be used to wait for the realization of subresource before the request to create the next resource is sent to the Manager
|
|
extra_configs
list
|
|
Extra configs on segment port
This property could be used for vendor specific configuration in key value string pairs. Segment port setting will override segment setting if the same key was set on both segment and segment port.
|
|
|
config_pair
dictionary
/ required
|
|
Key value pair in string for the configuration
|
|
|
|
key
string
/ required
|
|
Key
|
|
|
|
value
string
/ required
|
|
Value
|
|
id
string
|
|
The id of the Policy Segment Port.
|
|
ignored_address_bindings
dictionary
|
|
Address bindings to be ignored by IP Discovery module IP Discovery module uses various mechanisms to discover address bindings being used on each segment port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported.
|
|
init_state
string
|
Choices:
UNBLOCKED_VLAN ←
|
Initial state of this logical ports
Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation, and cannot be modified.
|
|
state
-
/ required
|
|
State can be either 'present' or 'absent'. 'present' is used to create or update resource. 'absent' is used to delete resource
Required if id != null
|
|
tags
dictionary
|
|
Opaque identifiers meaningful to the API user.
|
|
|
scope
string
/ required
|
|
Tag scope.
|
|
|
tag
string
/ required
|
|
Tag value.
|
|
site_id
string
|
Default:
"default"
|
The site ID where the EnforcementPoint is located. Required if transport_zone_id is specified.
|
|
state
-
/ required
|
|
State can be either 'present' or 'absent'. 'present' is used to create or update resource. 'absent' is used to delete resource.
|
|
subnets
dictionary
|
|
Subnets that belong to this Policy Segment.
|
|
dhcp_ranges
list
|
|
DHCP address ranges for dynamic IP allocation. DHCP address ranges are used for dynamic IP allocation. Supports address range and CIDR formats. First valid host address from the first value is assigned to DHCP server IP address. Existing values cannot be deleted or modified, but additional DHCP ranges can be added. Formats, e.g. 10.12.2.64/26, 10.12.2.2-10.12.2.50
|
|
gateway_address
string
/ required
|
|
Gateway IP address. Gateway IP address in CIDR format for both IPv4 and IPv6.
|
|
tags
dictionary
|
|
Opaque identifiers meaningful to the API user.
|
|
scope
string
/ required
|
|
Tag scope.
|
|
tag
string
/ required
|
|
Tag value.
|
|
tier0_display_name
string
|
|
Same as tier_0_id. Either one can be specified. If both are specified, tier_0_id takes precedence.
|
|
tier0_id
string
|
|
The Uplink of the Policy Segment. Mutually exclusive with tier_1_id.
|
|
tier1_display_name
string
|
|
Same as tier_1_id. Either one can be specified. If both are specified, tier_1_id takes precedence.
|
|
tier1_id
string
|
|
The Uplink of the Policy Segment. Mutually exclusive with tier_0_id but takes precedence.
|
|
transport_zone_display_name
string
|
|
Same as transport_zone_id. Either one can be specified. If both are specified, transport_zone_id takes precedence.
|
|
transport_zone_id
string
|
|
The TZ associated with the Policy Segment.
|
|
username
string
|
|
The username to authenticate with the NSX manager.
|
|
validate_certs
boolean
|
|
Enable server certificate verification.
|
|
vlan_ids
list
|
|
VLAN ids for a VLAN backed Segment. Can be a VLAN id or a range of VLAN ids specified with '-' in between.
|