| Parameter |
Choices/Defaults |
Comments |
|
achieve_subresource_state_if_del_parent
boolean
|
|
Can be used to achieve the state of subresources even if the parent(base) resource's state is absent.
Can be specified for each subresource.
|
|
ca_path
string
|
|
Path to the CA bundle to be used to verify the host's SSL certificate.
|
|
create_or_update_subresource_first
boolean
|
|
Can be used to create subresources first.
Can be specified for each subresource.
|
|
default_rule_logging
-
|
Default:
"no"
|
Enable logging for whitelisted rule. Indicates if logging should be enabled for the default whitelisting rule.
|
|
delete_subresource_first
boolean
|
|
Can be used to delete subresources first.
Can be specified for each subresource.
|
|
description
string
|
|
Tier-1 description
|
|
dhcp_config_display_name
string
|
|
Same as dhcp_config_id. Either one can be specified. If both are specified, dhcp_config_id takes precedence.
|
|
dhcp_config_id
string
|
|
DHCP configuration for Segments connected to Tier-1. DHCP service is configured in relay mode.
|
|
disable_firewall
boolean
|
|
Disable or enable gateway firewall.
|
|
display_name
string
|
|
Display name.
If resource ID is not specified, display_name will be used as ID.
|
|
do_wait_till_create
boolean
|
|
Can be used to wait for the realization of subresource before the request to create the next resource is sent to the Manager.
Can be specified for each subresource.
|
|
enable_standby_relocation
boolean
|
|
Flag to enable standby service router relocation.
Standby relocation is not enabled until edge cluster is configured for Tier1.
|
|
failover_mode
string
|
Choices:
NON_PREEMPTIVE ←
- PREEMPTIVE
|
Determines the behavior when a Tier-1 instance in ACTIVE-STANDBY high-availability mode restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. This property must not be populated unless the ha_mode property is set to ACTIVE_STANDBY.
|
|
force_whitelisting
boolean
|
|
Flag to add whitelisting FW rule during realization.
|
|
hostname
string
/ required
|
|
Deployed NSX manager hostname.
|
|
id
string
|
|
Tier-1 ID
|
|
intersite_config
dictionary
|
|
Inter-site routing configuration when the gateway is stretched.
|
|
fallback_sites
list
|
|
Fallback site to be used as new primary site on current primary site failure. Disaster recovery must be initiated via API/UI. Fallback site configuration is supported only for T0 gateway. T1 gateway will follow T0 gateway's primary site during disaster recovery
|
|
intersite_transit_subnet
string
|
Default:
"169.254.32.0/20"
|
Transit subnet in CIDR format
IPv4 subnet for the inter-site transit segment connecting service routers across sites for a stretched gateway. For IPv6, the link-local subnet is auto-configured.
|
|
last_admin_active_epoch
integer
|
|
Epoch of the last time the admin changed the active LocaleServices
Epoch (in seconds) is auto-updated based on the current system timestamp when the primary locale service is updated. It is used for resolving conflicts during site failover. If the system clock is not in sync, the user can optionally override this. The new value must be higher than the current value.
|
|
primary_site_path
string
|
|
Primary egress site for gateway.
Primary egress site for gateway. T0/T1 gateway in Active/Standby mode supports stateful services on primary site. In this mode primary site must be set if gateway is stretched to more than one site. For T0 gateway in Active/Active primary site is optional field. If set then secondary site prefers routes learned from primary over locally learned routes. This field is not applicable for T1 gateway with no services
|
|
ipv6_dad_profile_display_name
string
|
|
Same as ipv6_dad_profile_id. Either one can be specified. If both are specified, ipv6_dad_profile_id takes precedence.
|
|
ipv6_dad_profile_id
string
|
|
IPv6 DAD profile configuration on Tier1. Either or both NDRA and/or DAD profiles can be configured. Related attribute ipv6_ndra_profile_id.
|
|
ipv6_ndra_profile_display_name
string
|
|
Same as ipv6_ndra_profile_id. Either one can be specified. If both are specified, ipv6_ndra_profile_id takes precedence.
|
|
ipv6_ndra_profile_id
string
|
|
IPv6 NDRA profile configuration on Tier1. Either or both NDRA and/or DAD profiles can be configured. Related attribute ipv6_dad_profile_id.
|
|
locale_services
list
|
|
This is a list of Locale Services that need to be created, updated, or deleted
|
|
achieve_subresource_state_if_del_parent
boolean
|
|
Can be used to achieve the state of subresources even if the parent(base) resource's state is absent.
Can be specified for each subresource.
|
|
description
string
|
|
Tier-1 Locale Service description
|
|
display_name
string
|
|
Tier-1 Locale Service display name.
Either this or id must be specified. If both are specified, id takes precedence.
|
|
do_wait_till_create
boolean
|
|
Can be used to wait for the realization of subresource before the request to create the next resource is sent to the Manager
|
|
edge_cluster_info
dictionary
|
|
Used to create path to edge cluster. Auto-assigned if associated enforcement-point has only one edge cluster.
|
|
|
edge_cluster_display_name
string
|
|
Display name of the edge cluster.
Either this or edge_cluster_id must be specified. If both are specified, edge_cluster_id takes precedence.
|
|
|
edge_cluster_id
string
/ required
|
|
ID of the edge cluster
|
|
|
enforcementpoint_id
string
|
Default:
"default"
|
enforcementpoint_id where edge cluster is located
|
|
|
site_id
string
|
Default:
"default"
|
site_id where edge cluster is located
|
|
ha_vip_configs
list
/ elements=dictionary
|
|
Array of HA VIP Config.
This configuration can be defined only for an Active-Standby Tier0 gateway to provide redundancy. For multiple external interfaces, multiple HA VIP configs must be defined, and each config will pair exactly two external interfaces. The VIP will move and will always be owned by the Active node. When this property is configured, configuration of dynamic routing is not allowed.
|
|
|
enabled
boolean
|
|
Flag to enable this HA VIP config.
|
|
|
external_interface_paths
list
|
|
Policy paths to Tier0 external interfaces for providing redundancy
Policy paths to Tier0 external interfaces which are to be paired to provide redundancy. Floating IP will be owned by one of these interfaces depending upon which edge node is Active.
|
|
|
vip_subnets
list
|
|
VIP floating IP address subnets
Array of IP address subnets which will be used as floating IP addresses.
|
|
|
|
ip_addresses
list
/ required
|
|
IP addresses assigned to interface
|
|
|
|
prefix_len
integer
/ required
|
|
Subnet prefix length
|
|
id
string
|
|
Tier-1 Locale Service ID
|
|
interfaces
list
|
|
Specify the interfaces associated with the Gateway in this section that need to be created, updated, or deleted
|
|
|
achieve_subresource_state_if_del_parent
boolean
|
|
Can be used to achieve the state of subresources even if the parent(base) resource's state is absent.
Can be specified for each subresource.
|
|
|
description
string
|
|
Tier-1 Interface description
|
|
|
display_name
string
|
|
Tier-1 Interface display name
Either this or id must be specified. If both are specified, id takes precedence.
|
|
|
do_wait_till_create
boolean
|
|
Can be used to wait for the realization of subresource before the request to create the next resource is sent to the Manager
|
|
|
id
string
|
|
Tier-1 Interface ID
|
|
|
ipv6_ndra_profile_id
string
|
|
Configure IPv6 NDRA profile. Only one NDRA profile can be configured.
Required if id != null
|
|
|
mtu
integer
|
|
MTU size
Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit.
|
|
|
segment_display_name
string
|
|
Same as segment_id
Either this or segment_id must be specified. If both are specified, segment_id takes precedence.
|
|
|
segment_id
string
|
|
Specify the Segment to which this interface is connected.
Required if id != null
|
|
|
state
-
|
|
State can be either 'present' or 'absent'. 'present' is used to create or update resource. 'absent' is used to delete resource.
Required if segp_id != null.
|
|
|
subnets
list
/ elements=dictionary
|
|
IP address and subnet specification for interface
Specify IP address and network prefix for interface
Required if id != null
|
|
|
|
ip_addresses
string
|
|
IP addresses assigned to interface
|
|
|
|
prefix_len
string
|
|
Subnet prefix length
|
|
|
tags
dictionary
|
|
Opaque identifiers meaningful to the API user
|
|
|
|
scope
string
/ required
|
|
Tag scope.
|
|
|
|
tag
string
/ required
|
|
Tag value.
|
|
|
urpf_mode
string
|
|
Unicast Reverse Path Forwarding mode
|
|
preferred_edge_nodes_info
list
|
|
Used to create paths to edge nodes. Specified edge is used as preferred edge cluster member when failover mode is set to PREEMPTIVE, not applicable otherwise.
|
|
|
edge_cluster_display_name
string
|
|
Display name of the edge cluster.
Either this or edge_cluster_id must be specified. If both are specified, edge_cluster_id takes precedence.
|
|
|
edge_cluster_id
string
/ required
|
|
edge_cluster_id where edge node is located
|
|
|
edge_node_display_name
string
|
|
Display name of the edge node.
Either this or edge_node_id must be specified. If both are specified, edge_node_id takes precedence.
|
|
|
edge_node_id
string
|
|
ID of the edge node
|
|
|
enforcementpoint_id
string
|
Default:
"default"
|
enforcementpoint_id where edge node is located
|
|
|
site_id
string
|
Default:
"default"
|
site_id where edge node is located
|
|
route_redistribution_config
dictionary
|
|
Configure all route redistribution properties, such as enabling or disabling redistribution, redistribution rules and so on.
|
|
|
bgp_enabled
boolean
|
|
Flag to enable route redistribution.
|
|
|
redistribution_rules
list
/ elements=dictionary
|
|
List of redistribution rules.
|
|
|
|
name
string
|
|
Rule name
|
|
|
|
route_map_path
string
|
|
Route map to be associated with the redistribution rule
|
|
|
|
route_redistribution_types
list
|
Choices:
- TIER0_STATIC - Redistribute user added static routes.
- TIER0_CONNECTED - Redistribute all subnets configured on Interfaces and routes related to TIER0_ROUTER_LINK, TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types.
- TIER1_STATIC - Redistribute all subnets and static routes advertised by Tier-1s.
- TIER0_EXTERNAL_INTERFACE - Redistribute external interface subnets on Tier-0.
- TIER0_LOOPBACK_INTERFACE - Redistribute loopback interface subnets on Tier-0.
- TIER0_SEGMENT - Redistribute subnets configured on Segments connected to Tier-0.
- TIER0_ROUTER_LINK - Redistribute router link port subnets on Tier-0.
- TIER0_SERVICE_INTERFACE - Redistribute Tier0 service interface subnets.
- TIER0_DNS_FORWARDER_IP - Redistribute DNS forwarder subnets.
- TIER0_IPSEC_LOCAL_IP - Redistribute IPSec subnets.
- TIER0_NAT - Redistribute NAT IPs owned by Tier-0.
- TIER0_EVPN_TEP_IP - Redistribute EVPN local endpoint subnets on Tier-0.
- TIER1_NAT - Redistribute NAT IPs advertised by Tier-1 instances.
- TIER1_LB_VIP - Redistribute LB VIP IPs advertised by Tier-1 instances.
- TIER1_LB_SNAT - Redistribute LB SNAT IPs advertised by Tier-1 instances.
- TIER1_DNS_FORWARDER_IP - Redistribute DNS forwarder subnets on Tier-1 instances.
- TIER1_CONNECTED - Redistribute all subnets configured on Segments and Service Interfaces.
- TIER1_SERVICE_INTERFACE - Redistribute Tier1 service interface subnets.
- TIER1_SEGMENT - Redistribute subnets configured on Segments connected to Tier1.
- TIER1_IPSEC_LOCAL_ENDPOINT - Redistribute IPSec VPN local-endpoint subnets advertised by TIER1.
|
Tier-0 route redistribution types
|
|
route_redistribution_types
list
|
Choices:
- TIER0_STATIC - Redistribute user added static routes.
- TIER0_CONNECTED - Redistribute all subnets configured on Interfaces and routes related to TIER0_ROUTER_LINK, TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types.
- TIER1_STATIC - Redistribute all subnets and static routes advertised by Tier-1s.
- TIER0_EXTERNAL_INTERFACE - Redistribute external interface subnets on Tier-0.
- TIER0_LOOPBACK_INTERFACE - Redistribute loopback interface subnets on Tier-0.
- TIER0_SEGMENT - Redistribute subnets configured on Segments connected to Tier-0.
- TIER0_ROUTER_LINK - Redistribute router link port subnets on Tier-0.
- TIER0_SERVICE_INTERFACE - Redistribute Tier0 service interface subnets.
- TIER0_DNS_FORWARDER_IP - Redistribute DNS forwarder subnets.
- TIER0_IPSEC_LOCAL_IP - Redistribute IPSec subnets.
- TIER0_NAT - Redistribute NAT IPs owned by Tier-0.
- TIER0_EVPN_TEP_IP - Redistribute EVPN local endpoint subnets on Tier-0.
- TIER1_NAT - Redistribute NAT IPs advertised by Tier-1 instances.
- TIER1_LB_VIP - Redistribute LB VIP IPs advertised by Tier-1 instances.
- TIER1_LB_SNAT - Redistribute LB SNAT IPs advertised by Tier-1 instances.
- TIER1_DNS_FORWARDER_IP - Redistribute DNS forwarder subnets on Tier-1 instances.
- TIER1_CONNECTED - Redistribute all subnets configured on Segments and Service Interfaces.
- TIER1_SERVICE_INTERFACE - Redistribute Tier1 service interface subnets.
- TIER1_SEGMENT - Redistribute subnets configured on Segments connected to Tier1.
- TIER1_IPSEC_LOCAL_ENDPOINT - Redistribute IPSec VPN local-endpoint subnets advertised by TIER1.
|
Enable redistribution of different types of routes on Tier-0.
This property is only valid for locale-service under Tier-0.
This property is deprecated, please use "route_redistribution_config" property to configure redistribution rules.
|
|
state
-
|
|
State can be either 'present' or 'absent'. 'present' is used to create or update resource. 'absent' is used to delete resource.
Required if segp_id != null
|
|
tags
dictionary
|
|
Opaque identifiers meaningful to the API user.
|
|
|
scope
string
/ required
|
|
Tag scope.
|
|
|
tag
string
/ required
|
|
Tag value.
|
|
nsx_cert_path
string
|
|
Path to the certificate created for the Principal Identity with which the CRUD operations should be performed.
|
|
nsx_key_path
string
|
|
Path to the certificate key created for the Principal Identity with which the CRUD operations should be performed.
Must be specified if nsx_cert_path is specified.
|
|
password
string
|
|
The password to authenticate with the NSX manager.
Must be specified if username is specified
|
|
pool_allocation
string
|
Choices:
ROUTING ←
- LB_SMALL
- LB_MEDIUM
- LB_LARGE
- LB_XLARGE
|
Edge node allocation size
Supports edge node allocation at different sizes for routing and load balancer service to meet performance and scalability requirements.
ROUTING - Allocate edge node to provide routing services.
LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE - Specify size of load balancer service that will be configured on TIER1 gateway.
|
|
qos_profile
dictionary
|
|
QoS Profile configuration for Tier1 router link connected to Tier0 gateway.
|
|
egress_qos_profile_path
string
|
|
Policy path to gateway QoS profile in egress direction.
|
|
ingress_qos_profile_path
string
|
|
Policy path to gateway QoS profile in ingress direction.
|
|
request_headers
dictionary
|
|
HTTP request headers to be sent to the host while making any request
|
|
route_advertisement_rules
list
|
|
Route advertisement rules and filtering
|
|
action
string
/ required
|
Choices:
- PERMIT - Enables the advertisement
- DENY - Disables the advertisement
|
Action to advertise filtered routes to the connected Tier0 gateway.
|
|
name
string
/ required
|
|
Display name for rule
|
|
prefix_operator
string
|
|
Prefix operator to filter subnets.
The GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured.
The EQ prefix operator filters all the routes with prefix length equal to the subnets configured.
|
|
route_advertisement_types
list
|
Choices:
- TIER1_STATIC_ROUTES
- TIER1_CONNECTED
- TIER1_NAT
- TIER1_LB_VIP
- TIER1_LB_SNAT
- TIER1_DNS_FORWARDER_IP
- TIER1_IPSEC_LOCAL_ENDPOINT
|
Enable different types of route advertisements.
By default, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are advertised if no value is supplied here.
|
|
subnets
list
|
|
Network CIDRs to be routed.
|
|
route_advertisement_types
list
|
Choices:
- TIER1_STATIC_ROUTES
- TIER1_CONNECTED
- TIER1_NAT
- TIER1_LB_VIP
- TIER1_LB_SNAT
- TIER1_DNS_FORWARDER_IP
- TIER1_IPSEC_LOCAL_ENDPOINT
|
Enable different types of route advertisements.
By default, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are advertised if no value is supplied here.
|
|
state
-
/ required
|
|
State can be either 'present' or 'absent'. 'present' is used to create or update resource. 'absent' is used to delete resource.
|
|
static_routes
list
|
|
This is a list of Static Routes that need to be created, updated, or deleted
|
|
achieve_subresource_state_if_del_parent
boolean
|
|
Can be used to achieve the state of subresources even if the parent(base) resource's state is absent.
Can be specified for each subresource.
|
|
description
string
|
|
Tier-1 Static Route description.
|
|
display_name
string
|
|
Tier-1 Static Route display name.
Either this or id must be specified. If both are specified, id takes precedence.
|
|
do_wait_till_create
boolean
|
|
Can be used to wait for the realization of subresource before the request to create the next resource is sent to the Manager
|
|
id
string
|
|
Tier-1 Static Route ID.
|
|
network
string
/ required
|
|
Network address in CIDR format
|
|
next_hops
list
/ elements=dictionary
|
|
Next hop routes for network
|
|
|
admin_distance
integer
|
Default:
1
|
Cost associated with next hop route
|
|
state
-
|
|
State can be either 'present' or 'absent'. 'present' is used to create or update resource. 'absent' is used to delete resource.
Must be specified in order to modify the resource
|
|
tags
dictionary
|
|
Opaque identifiers meaningful to the API user
|
|
|
scope
string
/ required
|
|
Tag scope.
|
|
|
tag
string
/ required
|
|
Tag value.
|
|
tags
dictionary
|
|
Opaque identifiers meaningful to the API user.
|
|
scope
string
/ required
|
|
Tag scope.
|
|
tag
string
/ required
|
|
Tag value.
|
|
tier0_display_name
string
|
|
Same as tier0_id. Either one can be specified. If both are specified, tier0_id takes precedence.
|
|
tier0_id
string
|
|
Tier-1 connectivity to Tier-0
|
|
username
string
|
|
The username to authenticate with the NSX manager.
|
|
validate_certs
boolean
|
|
Enable server certificate verification.
|