ServiceEngine

Description

API


    PUT /api/serviceengine/&ltkey>
    DELETE /api/serviceengine/&ltkey>
    GET /api/serviceengine
    GET /api/serviceengine/&ltkey>

CLI


    configure serviceengine &ltkey>
    delete serviceengine &ltkey>
    show serviceengine &ltkey>

Data

ServiceEngine

uuid

Type
string
Category
required
Description

name

Type
string
Category
optional
Description
Default
VM name unknown

tenant_ref

Type
Reference to Tenant
Category
optional
Description

cloud_ref

Type
Reference to Cloud
Category
optional,readonly
Description
Default
/api/cloud?name=Default-Cloud

mgmt_vnic

Type
vNIC
Category
optional,readonly
Description

resources

Type
SeResources
Category
optional,readonly
Description

data_vnics

Type
vNIC
Category
repeated,readonly
Description

controller_ip

Type
string
Category
optional,readonly
Description

host_ref

Type
Reference to VIMgrHostRuntime
Category
optional,readonly
Description

controller_created

Type
bool
Category
optional,readonly
Description
Default
False

se_group_ref

Type
Reference to ServiceEngineGroup
Category
optional
Description

container_mode

Type
bool
Category
optional,readonly
Description
Default
False

flavor

Type
string
Category
optional,readonly
Description
Default

hypervisor

Type
enum
Category
optional,readonly
Description
Choices
DEFAULT, VMWARE_ESX, KVM, VMWARE_VSAN, XEN

availability_zone

Type
string
Category
optional,readonly
Description

enable_state

Type
enum
Category
optional
Description
inorder to disable SE set this field appropriately
Default
SE_STATE_ENABLED
Choices
SE_STATE_ENABLED, SE_STATE_DISABLED_FOR_PLACEMENT, SE_STATE_DISABLED

container_type

Type
enum
Category
optional,readonly
Description
Default
CONTAINER_TYPE_HOST
Choices
CONTAINER_TYPE_BRIDGE, CONTAINER_TYPE_HOST, CONTAINER_TYPE_HOST_DPDK

vNIC

if_name

Type
string
Category
optional,readonly
Description

mac_address

Type
string
Category
required,readonly
Description

connected

Type
bool
Category
optional,readonly
Description

is_mgmt

Type
bool
Category
optional,readonly
Description
Default
False

network_ref

Type
Reference to Network
Category
optional,readonly
Description

network_name

Type
string
Category
optional,readonly
Description

dhcp_enabled

Type
bool
Category
optional
Description
Default
True

is_avi_internal_network

Type
bool
Category
optional,readonly
Description
Default
False

enabled

Type
bool
Category
optional
Description
Default
True

adapter

Type
string
Category
optional,readonly
Description

vlan_id

Type
int32
Category
optional,readonly
Description
Default
0

pci_id

Type
string
Category
optional,readonly
Description

linux_name

Type
string
Category
optional,readonly
Description
Default

port_uuid

Type
string
Category
optional,readonly
Description

del_pending

Type
bool
Category
optional,readonly
Description
Default
False

mtu

Type
int32
Category
optional,readonly
Description
Default
1500

vnic_networks

Type
vNICNetwork
Category
repeated
Description

can_se_dp_takeover

Type
bool
Category
optional,readonly
Description
Default
True

vrf_ref

Type
Reference to VrfContext
Category
optional
Description

vrf_id

Type
uint32
Category
optional,readonly
Description
Default
0

vlan_interfaces

Type
VlanInterface
Category
repeated
Description

is_portchannel

Type
bool
Category
optional,readonly
Description
Default
False

members

Type
MemberInterface
Category
repeated,readonly
Description

is_hsm

Type
bool
Category
optional,readonly
Description
Default
False

is_asm

Type
bool
Category
optional,readonly
Description
Default
False

vNICNetwork

ip

Type
IpAddrPrefix
Category
required
Description

ctlr_alloc

Type
bool
Category
optional
Description
Default
False

mode

Type
enum
Category
required
Description
Default
DHCP
Choices
DHCP, STATIC, VIP, DOCKER_HOST

IpAddrPrefix

ip_addr

Type
IpAddr
Category
required
Description

mask

Type
int32
Category
required
Description

IpAddr

addr

Type
string
Category
required
Description
IP address

type

Type
enum
Category
required
Description
Choices
V4, DNS

VlanInterface

if_name

Type
string
Category
required
Description

vlan_id

Type
int32
Category
optional
Description
Default
0

dhcp_enabled

Type
bool
Category
optional
Description
Default
True

vnic_networks

Type
vNICNetwork
Category
repeated
Description

vrf_ref

Type
Reference to VrfContext
Category
optional
Description
Default
/api/vrfcontext?name=

is_mgmt

Type
bool
Category
optional,readonly
Description
Default
False

MemberInterface

if_name

Type
string
Category
required
Description

active

Type
bool
Category
optional
Description
Default
False

SeResources

num_vcpus

Type
int32
Category
required
Description

memory

Type
int32
Category
required
Description

disk

Type
int32
Category
required
Description

hyper_threading

Type
bool
Category
optional
Description

sockets

Type
int32
Category
optional
Description

cores_per_socket

Type
int32
Category
optional
Description

Actions

API


    POST /api/serviceengine/&ltkey>/switchover

CLI


    switchover serviceengine &ltkey>

API


    POST /api/serviceengine/&ltkey>/forcedelete

CLI


    forcedelete serviceengine &ltkey>

API


    POST /api/serviceengine/&ltkey>/reboot

CLI


    reboot serviceengine &ltkey>

References

VrfContext ServiceEngineGroup Network Tenant Cloud VIMgrHostRuntime

Sub Objects

DispatcherTableDumpRuntime

API


    GET /api/serviceengine/&ltkey>/flowtable/&ltkey>
	Query Params: FlowtableEntryFilter

CLI


    show serviceengine &ltkey> flowtable filter [src_ip_addr] [src_ip_mask] [src_port] [src_port_hi] [dst_ip_addr] [dst_ip_mask] [dst_port] [dst_port_hi] [intfname] [core_num] [protocol_str]

Data

DispatcherTableDumpRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

vnic_table

Type
DispatcherOneTableRuntime
Category
repeated
Description

flow_entries

Type
DispatcherEntryRuntime
Category
repeated
Description

DispatcherOneTableRuntime

vnic

Type
uint32
Category
required
Description

mac

Type
string
Category
required
Description

flow_entries

Type
DispatcherEntryRuntime
Category
repeated
Description

DispatcherEntryRuntime

src_ip

Type
IpAddr
Category
required
Description

dst_ip

Type
IpAddr
Category
required
Description

src_port

Type
uint32
Category
required
Description

dst_port

Type
uint32
Category
required
Description

action

Type
uint32
Category
required
Description

is_local

Type
uint32
Category
required
Description

dst_core

Type
int32
Category
required
Description

ctx

Type
uint64
Category
required
Description

tcp_state

Type
int32
Category
required
Description

se_mac

Type
string
Category
required
Description

vs_stat_index

Type
int32
Category
required
Description

flow_flags

Type
uint32
Category
required
Description

list_insertion_time

Type
uint32
Category
required
Description

master_vs_table

Type
uint64
Category
required
Description

protocol

Type
uint32
Category
required
Description

Actions

API


    POST /api/serviceengine/&ltkey>/flowtable/clear

CLI


    clear serviceengine &ltkey> flowtable

Data

DispatcherTableDumpClear

se_uuid

Type
string
Category
optional
Description

ServiceEngineRuntimeSummary

API


    GET /api/serviceengine/&ltkey>/runtime/&ltkey>

CLI


    show serviceengine &ltkey> summary

Data

ServiceEngineRuntimeSummary

power_state

Type
enum
Category
optional
Description
Choices
SE_POWER_OFF, SE_POWER_ON, SE_SUSPENDED

vinfra_discovered

Type
bool
Category
optional
Description

se_connected

Type
bool
Category
optional
Description

oper_status

Type
OperationalStatus
Category
optional
Description

hb_status

Type
SeHbStatus
Category
optional
Description

online_since

Type
string
Category
optional
Description

gateway_up

Type
bool
Category
optional
Description

active_tags

Type
enum
Category
repeated
Description
Choices
ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2

inband_mgmt

Type
bool
Category
optional
Description

version

Type
string
Category
optional
Description
Default
0.0.0

at_curr_ver

Type
bool
Category
optional
Description

migrate_state

Type
enum
Category
optional
Description
This state is used to indicate the current state of disable SE process.
Default
SE_MIGRATE_STATE_IDLE
Choices
SE_MIGRATE_STATE_IDLE, SE_MIGRATE_STATE_STARTED, SE_MIGRATE_STATE_FINISHED_WITH_FAILURE, SE_MIGRATE_STATE_FINISHED

OperationalStatus

state

Type
enum
Category
optional
Description
Choices
OPER_UP, OPER_DOWN, OPER_CREATING, OPER_RESOURCES, OPER_INACTIVE, OPER_DISABLED, OPER_UNUSED, OPER_UNKNOWN, OPER_PROCESSING, OPER_INITIALIZING, OPER_ERROR_DISABLED, OPER_AWAIT_MANUAL_PLACEMENT, OPER_UPGRADING, OPER_SE_PROCESSING, OPER_PARTITIONED, OPER_DISABLING, OPER_FAILED, OPER_UNAVAIL

reason

Type
string
Category
repeated
Description

reason_code

Type
uint64
Category
optional
Description

last_changed_time

Type
TimeStamp
Category
optional
Description

reason_code_string

Type
string
Category
optional
Description

TimeStamp

secs

Type
Unknown
Category
required
Description

usecs

Type
Unknown
Category
required
Description

SeHbStatus

num_hb_misses

Type
int32
Category
required
Description

last_hb_req_sent

Type
string
Category
required
Description

last_hb_resp_recv

Type
string
Category
required
Description

SeFaultInjectExhaustMcl

API


CLI


Data

SeFaultInjectExhaustMcl

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

num_objects

Type
uint64
Category
required
Description

Actions

API


    POST /api/serviceengine/&ltkey>/faultinject/exhaust_mcl/clear

CLI


    faultinject serviceengine &ltkey> exhaust_mcl

Data

SEFaultInjectExhaustParam

num

Type
uint64
Category
required
Description

leak

Type
bool
Category
optional
Description

InterfaceSummaryRuntime

API


    GET /api/serviceengine/&ltkey>/interfacesummary/&ltkey>

CLI


    show serviceengine &ltkey> interface summary

Data

InterfaceSummaryRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

interface_entries

Type
InterfaceSummaryEntry
Category
repeated
Description

InterfaceSummaryEntry

intf_name

Type
string
Category
optional
Description

mac_address

Type
string
Category
optional
Description

ip_info

Type
IpInterface
Category
repeated
Description

intf_state

Type
string
Category
optional
Description

owner_core

Type
int32
Category
optional
Description

linux_intf_name

Type
string
Category
optional
Description

vrf_name

Type
string
Category
optional
Description

IpInterface

ip_addr

Type
string
Category
required
Description

net_mask

Type
string
Category
required
Description

InterfaceRuntime

API


    GET /api/serviceengine/&ltkey>/interface/&ltkey>
	Query Params: FlowtableIntfFilter

CLI


    show serviceengine &ltkey> interface filter [mac] [intfname] [core_num]

Data

InterfaceRuntime

se_uuid

Type
string
Category
required
Description

proc_id

Type
string
Category
required
Description

vnics

Type
VnicInfo
Category
repeated
Description

VnicInfo

vnic_name

Type
string
Category
required
Description

vnic_id

Type
int32
Category
required
Description

mac_address

Type
string
Category
required
Description

ip_info

Type
IpInterface
Category
repeated
Description

interface_stats

Type
InterfaceStats
Category
required
Description

vnic_parent

Type
int32
Category
required
Description

vnic_weight

Type
int32
Category
required
Description

vlan_id

Type
int32
Category
required
Description

num_vs_delete_drops

Type
uint64
Category
optional
Description

pcap_filter

Type
string
Category
optional
Description

iptable_filter

Type
string
Category
optional
Description

vrf_id

Type
uint32
Category
optional
Description

vrf_uuid

Type
string
Category
optional
Description

vnic_mtu

Type
int32
Category
optional
Description

intferface_up

Type
bool
Category
optional
Description

mbr_intfs

Type
MbrIntf
Category
repeated
Description

interface_disabled

Type
bool
Category
optional
Description

linux_intf_name

Type
string
Category
optional
Description

vnic_owner

Type
int32
Category
optional
Description

InterfaceStats

ipackets

Type
uint64
Category
required
Description

ibytes

Type
uint64
Category
required
Description

ierrors

Type
uint64
Category
required
Description

rx_nombuf

Type
uint64
Category
required
Description

opackets

Type
uint64
Category
required
Description

obytes

Type
uint64
Category
required
Description

oerrors

Type
uint64
Category
required
Description

rx_kni

Type
uint64
Category
required
Description

tx_kni

Type
uint64
Category
required
Description

tx_kni_errs

Type
uint64
Category
required
Description

ip_checksum_drops

Type
uint64
Category
required
Description

l4_checksum_drops

Type
uint64
Category
required
Description

tx_queue_full_retries

Type
uint64
Category
required
Description

rx_pkt_iterations

Type
uint64
Category
required
Description

rx_queue_full

Type
uint64
Category
required
Description

rx_max_single_burst

Type
uint64
Category
required
Description

rx_mim_etype_p2s

Type
uint64
Category
required
Description

tx_mim_etype_p2s

Type
uint64
Category
required
Description

tx_mim_frags_etype_p2s

Type
uint64
Category
required
Description

rx_mim_etype_s2p

Type
uint64
Category
required
Description

tx_mim_etype_s2p

Type
uint64
Category
required
Description

tx_mim_frags_etype_s2p

Type
uint64
Category
required
Description

tx_frags_p2s

Type
uint64
Category
optional
Description

local_flow_probes_req_sent

Type
uint32
Category
optional
Description

local_flow_probes_req_received

Type
uint32
Category
optional
Description

flow_probes_ignored_same_vnic

Type
uint32
Category
optional
Description

flow_probes_ignored_in_tw

Type
uint32
Category
optional
Description

ifq_stats

Type
IfQStats
Category
repeated
Description

IfQStats

ipackets

Type
uint64
Category
required
Description

ibytes

Type
uint64
Category
required
Description

opackets

Type
uint64
Category
required
Description

obytes

Type
uint64
Category
required
Description

oerrors

Type
uint64
Category
required
Description

rx_pkt_iterations

Type
uint64
Category
required
Description

rx_queue_full

Type
uint64
Category
required
Description

rx_max_single_burst

Type
uint64
Category
required
Description

MbrIntf

if_name

Type
string
Category
required
Description

linux_name

Type
string
Category
required
Description

active

Type
bool
Category
required
Description

Actions

API


    POST /api/serviceengine/&ltkey>/interface/clear

CLI


    clear serviceengine &ltkey> interface

ArptableRuntime

API


    GET /api/serviceengine/&ltkey>/arptable/&ltkey>
	Query Params: ArpTableFilter	SeParamsFilter

CLI


    show serviceengine &ltkey> arptable filter [ip_address] [primary_only] [disable_aggregate] [se_uuid] [all_se]

Data

ArptableRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

arp_entry

Type
ArpEntry
Category
repeated
Description

ArpEntry

vnic_name

Type
string
Category
required
Description

ip_address

Type
string
Category
required
Description

mac_address

Type
string
Category
required
Description

vrf_id

Type
uint32
Category
optional
Description

Actions

API


    POST /api/serviceengine/&ltkey>/arptable/clear

CLI


    clear serviceengine &ltkey> arptable

Data

ArpTableFilter

ip_address

Type
IpAddr
Category
optional
Description
IP address

SeDosStatRuntime

API


    GET /api/serviceengine/&ltkey>/dosstat/&ltkey>
	Query Params: SeParamsFilter

CLI


    show serviceengine &ltkey> dosstat filter [primary_only] [disable_aggregate] [se_uuid] [all_se]

Data

SeDosStatRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

land

Type
uint32
Category
required
Description

smurf

Type
uint32
Category
required
Description

icmp_flood

Type
uint32
Category
required
Description

unknown_protocol

Type
uint32
Category
required
Description

teardrop

Type
uint32
Category
required
Description

ip_frag_overrun

Type
uint32
Category
required
Description

ip_frag_toosmall

Type
uint32
Category
required
Description

ip_frag_full

Type
uint32
Category
required
Description

ip_frag_incomplete

Type
uint32
Category
required
Description

port_scan

Type
uint32
Category
required
Description

dos_rx_bytes

Type
uint64
Category
required
Description

dos_tx_bytes

Type
uint64
Category
required
Description

Actions

API


    POST /api/serviceengine/&ltkey>/dosstat/clear

CLI


    clear serviceengine &ltkey> dosstat

SeAgentGraphDBRuntime

API


    GET /api/serviceengine/&ltkey>/graphdb/&ltkey>

CLI


    show serviceengine &ltkey> graphdb

Data

SeAgentGraphDBRuntime

se_ref

Type
Reference to ServiceEngine
Category
optional
Description

total_obj

Type
int32
Category
required
Description
Default
0

total_obj_active

Type
int32
Category
optional
Description
Default
0

total_obj_awaiting_dp

Type
int32
Category
optional
Description
Default
0

total_obj_error

Type
int32
Category
optional
Description
Default
0

total_obj_ew_subnet_error

Type
int32
Category
optional
Description
Default
0

virtualservice

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

pool

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

healthmonitor

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

networkprofile

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

applicationprofile

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

httpsecuritypolicy

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

httprequestpolicy

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

httpresponsepolicy

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

ipaddrgroup

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

stringgroup

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

sslprofile

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

sslkeyandcertificate

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

networksecuritypolicy

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

applicationpersistenceprofile

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

analyticsprofile

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

vsdatascriptset

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

tenant

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

serviceenginegroup

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

cloud

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

microservice

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

gslbservice

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

gslbhealthmonitor

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

gslbgeodbprofile

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

gslb

Type
SeAgentGraphDBNodeInfo
Category
optional
Description

graph_version

Type
int32
Category
optional
Description
Default
0

SeAgentGraphDBNodeInfo

num_obj

Type
int32
Category
optional
Description
Default
0

num_obj_active

Type
int32
Category
optional
Description
Default
0

num_obj_awaiting_dp

Type
int32
Category
optional
Description
Default
0

num_obj_error

Type
int32
Category
optional
Description
Default
0

num_obj_ew_subnet_error

Type
int32
Category
optional
Description
Default
0

obj

Type
SeAgentGraphDBNodeObject
Category
repeated
Description

SeAgentGraphDBNodeObject

status

Type
enum
Category
required
Description
Choices
SYSERR_SUCCESS, SYSERR_FAILURE, SYSERR_OUT_OF_MEMORY, SYSERR_NO_ENT, SYSERR_INVAL, SYSERR_ACCESS, SYSERR_FAULT, SYSERR_IO, SYSERR_TIMEOUT, SYSERR_NOT_SUPPORTED, SYSERR_NOT_READY, SYSERR_UPGRADE_IN_PROGRESS, SYSERR_WARM_START_IN_PROGRESS, SYSERR_TRY_AGAIN, SYSERR_BAD_REQUEST, SYSERR_TEST1, SYSERR_TEST2, SYSERR_QUEUE_TRANSPORT_FAILURE, SYSERR_QUEUE_RETRY_TASK, SYSERR_DATASTORE_TRANSPORT_FAILURE, SYSERR_DATASTORE_UNKNOWN_FAILURE, SYSERR_DATASTORE_OBJECT_DOES_NOT_EXIST, SYSERR_DATASTORE_REFERENCE_DOES_NOT_EXIST, SYSERR_DATASTORE_DB_LOCKED, SYSERR_DATASTORE_LOCK_FAILURE, SYSERR_DATASTORE_TBL_NOT_EXIST, SYSERR_SVC_COMMON_OBJECT_NOT_IN_CACHED_VIEW, SYSERR_RPC_CANCELED_BY_CLIENT, SYSERR_RPC_TIMED_OUT, SYSERR_RPC_SEND_FAILED, SYSERR_RPC_CANCELED_BY_TRANSACTION_CLEANUP, SYSERR_NO_MULTICAST_RECEIVERS, SYSERR_RPC_FAILED, SYSERR_RPC_CONNECT_FAILED, SYSERR_CONTROLLER_NOT_READY, SYSERR_VERSION_MISMATCH, SYSERR_INVALID_METHOD, SYSERR_DESERIALIZATION, SYSERR_SERIALIZATION, SYSERR_ENQUEUE, SYSERR_DEQUEUE, SYSERR_VS_INVALID_METHOD, SYSERR_VS_NOT_PRESENT, SYSERR_VS_INVALID_REQUEST, SYSERR_VS_NOT_ENOUGH_RESOURCES, SYSERR_VS_SE_NOT_AVAILABLE, SYSERR_VS_VNIC_FAILURE, SYSERR_VS_DELETE_WHILE_STILL_BEING_REFERRED, SYSERR_INVALID_HEALTH_MONITOR_TYPE, SYSERR_VS_SE_ASSIGNMENT_FAILED, SYSERR_VS_INVALID_OBJECT, SYSERR_VS_SERVICE_ENGINE_DOWN, SYSERR_VS_RPC_FAILURE, SYSERR_VS_NOT_BOUND, SYSERR_VS_DISABLED, SYSERR_VS_INTERNAL_ERROR, SYSERR_VS_SCALEOUT_ERROR, SYSERR_VS_SCALEIN_ERROR, SYSERR_VS_MIGRATE_ERROR, SYSERR_VS_MIGRATE_SCALEOUT_ERROR, SYSERR_VS_MIGRATE_SCALEIN_ERROR, SYSERR_VS_AWAIT_STATIC_SE, SYSERR_VS_MIN_SE_NOT_ASSIGNED, SYSERR_SE_MGR_VNIC_ALLOC_FAIL, SYSERR_SE_MGR_VNIC_NOT_FOUND, SYSERR_SE_MGR_UNKNOWN_SE, SYSERR_SE_MGR_UNKNOWN_STATE_TRANSITION, SYSERR_SE_MGR_SE_OFFLINE_HB_FAILURE, SYSERR_SE_UPGRADE_IN_PROGRESS, SYSERR_SE_NOT_CONNECTED, SYSERR_RM_RES_UNAVAIL, SYSERR_RM_RES_UNAVAIL_NOTIFY, SYSERR_RM_RES_NOT_INUSE, SYSERR_RM_CONSUMER_NOT_FOUND, SYSERR_RM_REACHABILITY_FAILED, SYSERR_RM_RELEASE_SE_UNAVAIL, SYSERR_RM_UNKNOWN_SE_GROUP, SYSERR_RM_NO_SE_FOUND, SYSERR_RM_PARTIAL_SE_FOUND, SYSERR_RM_AWAIT_VM_CREATE, SYSERR_RM_AWAIT_VNIC_ADD, SYSERR_RM_AWAIT_BOOTUP, SYSERR_RM_RESOURCE_NOT_FOUND, SYSERR_RM_CANNOT_SPAWN_SE, SYSERR_RM_RES_NOT_NEEDED, SYSERR_RM_RES_INFRA_DELETED, SYSERR_RM_RES_USER_DELETED, SYSERR_RM_RES_USER_REBOOTED, SYSERR_RM_RES_CRASHED, SYSERR_RM_RES_CONN_LOST, SYSERR_RM_RES_VIP_REACH_LOST, SYSERR_RM_VS_PROCESSING, SYSERR_RM_VNIC_IP_FAILURE, SYSERR_RM_STATIC_NO_POOL, SYSERR_RM_STATIC_POOL_EXHAUSTED, SYSERR_RM_VIP_MULT_NETWORKS, SYSERR_RM_SRVR_MULT_NETWORKS, SYSERR_RM_VIP_NO_NETWORK, SYSERR_RM_SRVR_NO_NETWORK, SYSERR_RM_MAX_PARALLEL_SE_CREATE, SYSERR_RM_MAX_SE_CREATE_ATTEMPTS, SYSERR_RM_MULT_SE_CRASH, SYSERR_RM_VS_SE_CREATE_IN_PROG, SYSERR_RM_VS_SE_BOOTUP_IN_PROG, SYSERR_RM_VS_SE_VNIC_ADD_IN_PROG, SYSERR_RM_VS_SE_VNIC_IP_IN_PROG, SYSERR_RM_NO_SUITABLE_HOST, SYSERR_RM_NO_SE_IN_SE_GRP, SYSERR_RM_ALL_SE_IN_SE_GRP_DOWN, SYSERR_RM_NO_SE_IN_SE_GRP_SRVR_ACC, SYSERR_RM_NO_SE_IN_SE_GRP_VIP_ACC, SYSERR_RM_ALL_SE_IN_SE_GRP_MAX_VS, SYSERR_RM_ALL_SE_IN_SE_GRP_NW_ACC_MAX_VS, SYSERR_RM_VIP_SE_NW_ACC, SYSERR_RM_VIP_SE_MAX_VS, SYSERR_RM_VIP_SE_GRP_MISMATCH, SYSERR_RM_VIP_SE_PENDING_OP, SYSERR_RM_MULT_MGMT_SUBNET, SYSERR_RM_MAX_SE_IN_GRP, SYSERR_RM_BOOTUP_FAILURE, SYSERR_RM_PENDING_VNIC_OP, SYSERR_RM_SE_MGMT_NO_STATIC_IPS_CONFIGURED, SYSERR_RM_SE_MGMT_STATIC_IPS_EXHAUSTED, SYSERR_RM_NO_MGMT_SUBNET, SYSERR_RM_MGMT_DHCP_FAILURE, SYSERR_RM_CANNOT_ADD_VNICS, SYSERR_RM_CONSUMER_RESOURCES_SATISFIED, SYSERR_RM_DATA_DHCP_FAILURE, SYSERR_RM_QUERY_HOST_IN_PROGRESS, SYSERR_RM_INSUFFICIENT_BUFFER_SE, SYSERR_RM_NO_DEFAULT_GW_SE_MGMT_NW, SYSERR_RM_PARENT_SE_NW_ACC, SYSERR_RM_PARENT_SE_MAX_VS, SYSERR_RM_PARENT_SE_GRP_MISMATCH, SYSERR_RM_DEF_GW_INCORRECT, SYSERR_RM_NETWORK_NOT_FOUND, SYSERR_RM_ALL_SE_IN_SE_GRP_USED, SYSERR_RM_SE_GRP_PENDING_OP, SYSERR_RM_ALL_SE_IN_SE_GRP_DISABLED, SYSERR_RM_VS_SE_PING_CHECK_IN_PROG, SYSERR_RM_CONSUMER_PENDING_TASK, SYSERR_RM_SE_GRP_VIP_NW_ACC, SYSERR_RM_SE_GRP_NW_ACC, SYSERR_RM_SE_GRP_MAX_VS, SYSERR_RM_ALL_SE_IN_SE_GRP_GW_DOWN, SYSERR_RM_SE_GW_DOWN, SYSERR_RM_SE_DISCONNECTED, SYSERR_VI_MGR_SEVM_VNIC_SUCCESS, SYSERR_VI_MGR_SEVM_CREATE_FAIL_NO_HW_INFO, SYSERR_VI_MGR_SEVM_CREATE_FAIL_DUPLICATE_NAME, SYSERR_VI_MGR_SEVM_CREATE_FAIL_NO_MGMT_NW, SYSERR_VI_MGR_SEVM_CREATE_FAIL_NO_CPU, SYSERR_VI_MGR_SEVM_CREATE_FAIL_NO_MEM, SYSERR_VI_MGR_SEVM_CREATE_FAIL_NO_LEASE, SYSERR_VI_MGR_SEVM_CREATE_FAIL_OVF_ERROR, SYSERR_VI_MGR_SEVM_CREATE_NO_HOST_VM_NETWORK, SYSERR_VI_MGR_SEVM_CREATE_FAIL_NO_PROGRESS, SYSERR_VI_MGR_SEVM_CREATE_FAIL_ABORTED, SYSERR_VI_MGR_SEVM_CREATE_FAILURE, SYSERR_VI_MGR_SEVM_CREATE_FAIL_POWER_ON, SYSERR_VI_MGR_SEVM_VNIC_NO_VM, SYSERR_VI_MGR_SEVM_VNIC_MAC_ADDR_ERROR, SYSERR_VI_MGR_SEVM_VNIC_FAILURE, SYSERR_VI_MGR_SEVM_VNIC_NO_PG_PORTS, SYSERR_VI_MGR_SEVM_DELETE_FAILURE, SYSERR_VI_MGR_SEVM_CREATE_LIMIT_REACHED, SYSERR_VI_MGR_SEVM_SET_MGMT_IP_FAILED, SYSERR_VI_MGR_SEVM_CREATE_ACCESS_ERROR, SYSERR_VI_MGR_SEVM_CREATE_NO_IMAGE, SYSERR_VI_MGR_SEVM_VINFRA_UNINITIALIZED, SYSERR_VI_MGR_SEVM_CREATE_NO_HOST, SYSERR_VI_MGR_SEVM_CREATE_FAIL_NO_MGMT_NW_PORTS, SYSERR_VI_MGR_SEVM_INVALID_DATA, SYSERR_VI_MGR_SEVM_CREATE_FAIL_MULTIPLE_MGMT_NW, SYSERR_VI_MGR_SEVM_VCENTER_CONN_FAIL, SYSERR_VI_MGR_SEVM_TIMED_OUT, SYSERR_VI_MGR_SEVM_NO_SOURCE_CLONE, SYSERR_VI_MGR_SEVM_NO_AVAILABILITY_ZONE, SYSERR_VI_MGR_SEVM_FLAVOR_UNAVAIL, SYSERR_VI_MGR_SEVM_DELETED, SYSERR_VI_MGR_SEVM_VINFRA_FAILURE, SYSERR_VI_MGR_SEVM_VNIC_FAILURE_QUESTION, SYSERR_VI_MGR_LOGIN_FAIL_NO_VCENTER, SYSERR_VI_MGR_LOGIN_FAIL_USER_CREDENTIALS, SYSERR_VI_MGR_VCENTER_VERSION_MISMATCH, SYSERR_DB_CACHE_TBL_NOT_FOUND, SYSERR_DB_CACHE_OBJ_NOT_FOUND, SYSERR_DB_QUERY_QUEUED, SYSERR_DB_QUERY_BATCHED, SYSERR_DB_UPDATE_FAILED, SYSERR_DB_QUERY_FAILED, SYSERR_OS_AGENT_Q_FULL, SYSERR_OS_AGENT_OPENSTACK_UNINITIALIZED, SYSERR_OS_AGENT_OPENSTACK_ACCESSERR, SYSERR_OS_AGENT_OPENSTACK_RESOURCEERR, SYSERR_OS_AGENT_TENANT_ABSENT, SYSERR_OS_AGENT_INVALID_DATA, SYSERR_CC_SVC_Q_FULL, SYSERR_CC_AGENT_UNINITIALIZED, SYSERR_CC_AGENT_ACCESSERR, SYSERR_CC_AGENT_RESOURCEERR, SYSERR_CC_AGENT_TENANT_ACCESSERR, SYSERR_CC_AGENT_TENANT_ABSENT, SYSERR_CC_SVC_INVALID_DATA, SYSERR_CC_OS_AGENT_NEUTRON_HOST_ACCESSERR, SYSERR_CC_NO_FLAVOR, SYSERR_CC_AGENT_ABSENT, SYSERR_CC_AGENT_CONFIG_FAILURE, SYSERR_CC_AGENT_DECONFIG_FAILURE, SYSERR_CC_AGENT_NON_INFRA_SEVM, SYSERR_MESOS_DISCOVERY_DEPLOYMENT_FAIL, SYSERR_MESOS_DISCOVERY_TIMEOUT, SYSERR_MARATHON_APP_TERMINATED, SYSERR_MARATHON_INACCESSIBLE, SYSERR_FLEET_API_ERROR, SYSERR_MESOS_SSH_CMD_TIMEOUT, SYSERR_MESOS_SSH_ABORTED, SYSERR_MESOS_SSH_FAILURE, SYSERR_MESOS_SSH_NOTFOUND, SYSERR_CC_AGENT_VNIC_NO_IPS_AVAILABLE, SYSERR_CC_AGENT_VNIC_NO_SUBNETWORK, SYSERR_CC_AGENT_VNIC_FAILURE, SYSERR_CC_AGENT_SCALE_IN_FAILED, SYSERR_CC_AGENT_DS_FAILED, SYSERR_CC_AGENT_NOT_IMPLEMENTED, SYSERR_CC_AGENT_METHOD_NOT_IMPLEMENTED, SYSERR_CC_AGENT_GENERIC_FAILURE, SYSERR_RUM_TOOMANYSAMPLES, SYSERR_METRICS_TOO_MANY_MSG, SYSERR_METRICS_TOO_MANY_MSG_ACROSS_ENTITIES, SYSERR_ANOMALYZER_NOT_ENOUGH_SAMPLES, SYSERR_AUTOSCALE_REASON_INTELLIGENT_AUTOSCALE, SYSERR_AUTOSCALE_REASON_CONFIG_UPDATE, SYSERR_AUTOSCALE_REASON_POOL_STATE_CHANGE, SYSERR_AUTOSCALE_REASON_ALERT, SYSERR_AUTOSCALEIN_FAILED_LIMIT_EXCEEDED, SYSERR_AUTOSCALEOUT_FAILED_LIMIT_EXCEEDED, SYSERR_AUTOSCALE_IGNORED_AS_WITHIN_COOLDOWN, SYSERR_AUTOSCALE_ORCHESTRATION_TIMEOUT, SYSERR_AUTOSCALE_REASON_NOT_ENOUGH_SERVERS, SYSERR_AUTOSCALE_REASON_TOO_MANY_SERVERS, SYSERR_AUTOSCALE_REASON_ORCHESTRATION_FAILED, SYSERR_AUTOSCALE_REASON_MANUAL, SYSERR_AUTOSCALE_POLICY_NOT_FOUND, SYSERR_SEAGENT_OBJ_INACTIVE, SYSERR_SEAGENT_OBJ_AWAITING_DP_PROGRAMMING, SYSERR_SEAGENT_OBJ_ACTIVE, SYSERR_SEAGENT_OBJ_GRAPHDB_ERROR, SYSERR_SEAGENT_OBJ_DP_ERROR, SYSERR_SEAGENT_OBJ_DISABLED_RULE_POOL, SYSERR_SEAGENT_EASTWEST_VS_SUBNET_ERROR, SYSERR_GSLB_INVALID_MTYPE, SYSERR_GSLB_INVALID_SITE_CREDENTIALS, SYSERR_GSLB_OBJECT_NOT_FOUND, SYSERR_GSLB_INVALID_OPS, SYSERR_GSLB_PARTIAL_SUCCESS, SYSERR_GSLB_FQDN_CONFLICT, SYSERR_GSLB_CLEANUP_IN_PROGRESS, SYSERR_GSLB_METHOD_NOP

reason

Type
string
Category
optional
Description

config

Type
SeAgentGraphDBNodeConfig
Category
optional
Description

stats

Type
SeAgentGraphDBNodeStats
Category
optional
Description

SeAgentGraphDBNodeConfig

virtual_service_se

Type
VirtualServiceSe
Category
optional
Description

pool

Type
Pool
Category
optional
Description

health_monitor

Type
HealthMonitor
Category
optional
Description

network_profile

Type
NetworkProfile
Category
optional
Description

application_profile

Type
ApplicationProfile
Category
optional
Description

http_security_policy

Type
HTTPSecurityPolicy
Category
optional
Description

http_request_policy

Type
HTTPRequestPolicy
Category
optional
Description

http_response_policy

Type
HTTPResponsePolicy
Category
optional
Description

ip_addr_group

Type
IpAddrGroup
Category
optional
Description

string_group

Type
StringGroup
Category
optional
Description

ssl_profile

Type
SSLProfile
Category
optional
Description

ssl_key_and_certificate

Type
SSLKeyAndCertificate
Category
optional
Description

network_security_policy

Type
NetworkSecurityPolicy
Category
optional
Description

application_persistence_profile

Type
ApplicationPersistenceProfile
Category
optional
Description

analytics_profile

Type
AnalyticsProfile
Category
optional
Description

vs_data_script

Type
VSDataScriptSet
Category
optional
Description

tenant

Type
Tenant
Category
optional
Description

serviceenginegroup

Type
ServiceEngineGroup
Category
optional
Description

cloud

Type
Cloud
Category
optional
Description

microservice

Type
MicroService
Category
optional
Description

pool_group

Type
PoolGroup
Category
optional
Description

priority_labels

Type
PriorityLabels
Category
optional
Description

gslbservice

Type
GslbService
Category
optional
Description

gslbheathmonitor

Type
GslbHealthMonitor
Category
optional
Description

gslbgeodbprofile

Type
GslbGeoDbProfile
Category
optional
Description

gslb

Type
Gslb
Category
optional
Description

VirtualServiceSe

uuid

Type
string
Category
required
Description
Default
virtualservice

virtual_service

Type
VirtualService
Category
optional
Description

se_list

Type
SeList
Category
repeated
Description

redis_ip

Type
string
Category
optional
Description

redis_port

Type
int32
Category
optional
Description

redis_db

Type
int32
Category
optional
Description

datapath_debug

Type
DebugVirtualService
Category
optional
Description

tls_ticket_key

Type
TLSTicket
Category
repeated
Description

controller_ip

Type
string
Category
optional
Description

marked_for_delete

Type
bool
Category
optional
Description

prev_controller_ip

Type
string
Category
optional
Description

metrics_mgr_port

Type
enum
Category
optional
Description
Choices
METRICS_MGR_PORT_0, METRICS_MGR_PORT_1, METRICS_MGR_PORT_2, METRICS_MGR_PORT_3

prev_metrics_mgr_port

Type
enum
Category
optional
Description
Choices
METRICS_MGR_PORT_0, METRICS_MGR_PORT_1, METRICS_MGR_PORT_2, METRICS_MGR_PORT_3

first_se_assigned_time

Type
TimeStamp
Category
optional
Description

gs_refs

Type
Reference to GslbService
Category
repeated
Description
List of GS-UUIDs for DNS-vs.

apic_mode

Type
bool
Category
optional
Description
Default
False

ipam_dns_records

Type
DnsRecord
Category
repeated
Description
List of IPAM DNS records applied to this Virtual Service. These are static entries and no health monitoring is performed against the IP addresses.

cluster_uuid

Type
string
Category
optional
Description

gslb_send_interval

Type
uint32
Category
optional
Description
This field is the same as gslb.send_interval. It is used by SE to start various timers.

gslb_clear_on_max_retries

Type
uint32
Category
optional
Description
This field is the same as gslb.clear_on_max_retries.

version

Type
uint64
Category
optional
Description
Version number of the SE List update
Default
0

gslb_ref

Type
Reference to Gslb
Category
optional
Description
Gslb uuid for DNS-VS.

geo_ref

Type
Reference to GslbGeoDbProfile
Category
optional
Description
Geo uuid for DNS-VS

gs_refs_v2

Type
Reference to GslbService
Category
repeated
Description
List of GS-UUIDs for DNS-vs.

total_ses

Type
uint32
Category
optional
Description
total number of SEs on which this VS is placed

total_vcpus

Type
uint32
Category
optional
Description
total number of vcpus across active SEs on which this VS is placed

total_vips

Type
uint32
Category
optional
Description
total number of VIPs associated with VS
Default
1

VirtualService

uuid

Type
string
Category
required
Description
UUID of the VirtualService.

name

Type
string
Category
required
Description
Name for the Virtual Service.

fqdn

Type
string
Category
optional
Description
DNS resolvable, fully qualified domain name of the virtualservice. Only one of 'fqdn' and 'dns_info' configuration is allowed.

ip_address

Type
IpAddr
Category
optional
Description
IP Address of the Virtual Service.

enabled

Type
bool
Category
optional
Description
Enable or disable the Virtual Service.
Default
True

services

Type
Service
Category
repeated
Description
List of Services defined for this Virtual Service.

application_profile_ref

Type
Reference to ApplicationProfile
Category
optional
Description
Enable application layer specific features for the Virtual Service.
Default
/api/applicationprofile?name=System-HTTP

network_profile_ref

Type
Reference to NetworkProfile
Category
optional
Description
Determines network settings such as protocol, TCP or UDP, and related options for the protocol.
Default
/api/networkprofile?name=System-TCP-Proxy

server_network_profile_ref

Type
Reference to NetworkProfile
Category
optional
Description
Determines the network settings profile for the server side of TCP proxied connections. Leave blank to use the same settings as the client to VS side of the connection.

pool_ref

Type
Reference to Pool
Category
optional
Description
The pool is an object that contains destination servers and related attributes such as load-balancing and persistence.

se_group_ref

Type
Reference to ServiceEngineGroup
Category
optional
Description
The Service Engine Group to use for this Virtual Service. Moving to a new SE Group is disruptive to existing connections for this VS.

network_security_policy_ref

Type
Reference to NetworkSecurityPolicy
Category
optional
Description
Network security policies for the Virtual Service.

http_policies

Type
HTTPPolicies
Category
repeated
Description
HTTP Policies applied on the data traffic of the Virtual Service

dns_policies

Type
DnsPolicies
Category
repeated
Description
DNS Policies applied on the dns traffic of the Virtual Service

ssl_key_and_certificate_refs

Type
Reference to SSLKeyAndCertificate
Category
repeated
Description
Select or create one or two certificates, EC and/or RSA, that will be presented to SSL/TLS terminated connections.

ssl_profile_ref

Type
Reference to SSLProfile
Category
optional
Description
Determines the set of SSL versions and ciphers to accept for SSL/TLS terminated connections.

performance_limits

Type
PerformanceLimits
Category
optional
Description
Optional settings that determine performance limits like max connections or bandwdith etc.

analytics_policy

Type
AnalyticsPolicy
Category
optional
Description
Determines analytics settings for the application.

network_ref

Type
Reference to Network
Category
optional
Description
Manually override the network on which the Virtual Service is placed.

vrf_context_ref

Type
Reference to VrfContext
Category
optional
Description
Virtual Routing Context that the Virtual Service is bound to. This is used to provide the isolation of the set of networks the application is attached to.

enable_autogw

Type
bool
Category
optional
Description
Response traffic to clients will be sent back to the source MAC address of the connection, rather than statically sent to a default gateway.
Default
True

port_uuid

Type
string
Category
optional
Description
(internal-use) Network port assigned to the Virtual Service IP address.

subnet_uuid

Type
string
Category
optional
Description
It represents subnet for the Virtual Service IP address allocation when auto_allocate_ip is True.It is only applicable in OpenStack or AWS cloud. This field is required if auto_allocate_ip is True.

analytics_profile_ref

Type
Reference to AnalyticsProfile
Category
optional
Description
Specifies settings related to analytics.
Default
/api/analyticsprofile?name=System-Analytics-Profile

discovered_network_ref

Type
Reference to Network
Category
repeated
Description
(internal-use) Discovered networks providing reachability for client facing Virtual Service IP. This field is deprecated.

discovered_subnet

Type
IpAddrPrefix
Category
repeated
Description
(internal-use) Discovered subnets providing reachability for client facing Virtual Service IP. This field is deprecated.

host_name_xlate

Type
string
Category
optional
Description
Translate the host name sent to the servers to this value. Translate the host name sent from servers back to the value used by the client.

subnet

Type
IpAddrPrefix
Category
optional
Description
Subnet providing reachability for client facing Virtual Service IP.

discovered_networks

Type
DiscoveredNetwork
Category
repeated
Description
(internal-use) Discovered networks providing reachability for client facing Virtual Service IP. This field is used internally by Avi, not editable by the user.

vs_datascripts

Type
VSDataScripts
Category
repeated
Description
Datascripts applied on the data traffic of the Virtual Service

client_auth

Type
HTTPClientAuthenticationParams
Category
optional
Description
HTTP authentication configuration for protected resources.

weight

Type
uint32
Category
optional
Description
The Quality of Service weight to assign to traffic transmitted from this Virtual Service. A higher weight will prioritize traffic versus other Virtual Services sharing the same Service Engines.
Default
1

delay_fairness

Type
bool
Category
optional
Description
Select the algorithm for QoS fairness. This determines how multiple Virtual Services sharing the same Service Engines will prioritize traffic over a congested network.
Default
False

max_cps_per_client

Type
uint32
Category
optional
Description
Maximum connections per second per client IP.
Default
0

limit_doser

Type
bool
Category
optional
Description
Limit potential DoS attackers who exceed max_cps_per_client significantly to a fraction of max_cps_per_client for a while.
Default
False

type

Type
enum
Category
optional
Description
Specify if this is a normal Virtual Service, or if it is the parent or child of an SNI-enabled virtual hosted Virtual Service.
Default
VS_TYPE_NORMAL
Choices
VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD

vh_parent_vs_ref

Type
Reference to VirtualService
Category
optional
Description
Specifies the Virtual Service acting as Virtual Hosting (SNI) parent.

vh_domain_name

Type
string
Category
repeated
Description
The exact name requested from the client's SNI-enabled TLS hello domain name field. If this is a match, the parent VS will forward the connection to this child VS.

availability_zone

Type
string
Category
optional
Description
Availability-zone to place the Virtual Service.

auto_allocate_ip

Type
bool
Category
optional
Description
Auto-allocate VIP from the provided subnet.
Default
False

floating_ip

Type
IpAddr
Category
optional
Description
Floating IP to associate with this Virtual Service.

auto_allocate_floating_ip

Type
bool
Category
optional
Description
Auto-allocate floating/elastic IP from the Cloud infrastructure.
Default
False

floating_subnet_uuid

Type
string
Category
optional
Description
If auto_allocate_floating_ip is True and more than one floating-ip subnets exist, then the subnet for the floating IP address allocation. This field is applicable only if the VirtualService belongs to an OpenStack or AWS cloud. In OpenStack or AWS cloud it is required when auto_allocate_floating_ip is selected.

cloud_type

Type
enum
Category
optional
Description
Default
CLOUD_NONE
Choices
CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP, CLOUD_RANCHER, CLOUD_OSHIFT_K8S

avi_allocated_vip

Type
bool
Category
optional
Description
(internal-use) VIP allocated by Avi in the Cloud infrastructure.
Default
False

avi_allocated_fip

Type
bool
Category
optional
Description
(internal-use) FIP allocated by Avi in the Cloud infrastructure.
Default
False

connections_rate_limit

Type
RateProfile
Category
optional
Description
Rate limit the incoming connections to this virtual service

requests_rate_limit

Type
RateProfile
Category
optional
Description
Rate limit the incoming requests to this virtual service

use_bridge_ip_as_vip

Type
bool
Category
optional
Description
Use Bridge IP as VIP on each Host in Mesos deployments
Default
False

flow_dist

Type
enum
Category
optional
Description
Criteria for flow distribution among SEs.
Default
LOAD_AWARE
Choices
LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT

ign_pool_net_reach

Type
bool
Category
optional
Description
Ignore Pool servers network reachability constraints for Virtual Service placement.
Default
False

ssl_sess_cache_avg_size

Type
uint32
Category
optional
Description
Expected number of SSL session cache entries (may be exceeded).
Default
1024

pool_group_ref

Type
Reference to PoolGroup
Category
optional
Description
The pool group is an object that contains pools.

remove_listening_port_on_vs_down

Type
bool
Category
optional
Description
Remove listening port if VirtualService is down
Default
False

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

cloud_ref

Type
Reference to Cloud
Category
optional,readonly
Description
Default
/api/cloud?name=Default-Cloud

east_west_placement

Type
bool
Category
optional
Description
Force placement on all SE's in service group (Mesos mode only)
Default
False

scaleout_ecmp

Type
bool
Category
optional
Description
Disable re-distribution of flows across service engines for a virtual service. Enable if the network itself performs flow hashing with ECMP in environments such as GCP
Default
False

microservice_ref

Type
Reference to MicroService
Category
optional
Description
Microservice representing the virtual service

service_pool_select

Type
ServicePoolSelector
Category
repeated
Description
Select pool based on destination port

created_by

Type
string
Category
optional
Description
Creator name

cloud_config_cksum

Type
string
Category
optional
Description
Checksum of cloud configuration for VS. Internally set by cloud connector

enable_rhi

Type
bool
Category
optional
Description
Enable Route Health Injection using the BGP Config in the vrf context

snat_ip

Type
IpAddr
Category
repeated
Description
NAT'ted floating source IP Address(es) for upstream connection to servers

active_standby_se_tag

Type
enum
Category
optional
Description
This configuration only applies if the VirtualService is in Legacy Active Standby HA mode and Load Distribution among Active Standby is enabled. This field is used to tag the VirtualService so that VirtualServices with the same tag will share the same Active ServiceEngine. VirtualServices with different tags will have different Active ServiceEngines. If one of the ServiceEngine's in the ServiceEngineGroup fails, all VirtualServices will end up using the same Active ServiceEngine. Redistribution of the VirtualServices can be either manual or automated when the failed ServiceEngine recovers. Redistribution is based on the auto redistribute property of the ServiceEngineGroup.
Default
ACTIVE_STANDBY_SE_1
Choices
ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2

flow_label_type

Type
enum
Category
optional
Description
Criteria for flow labelling.
Default
NO_LABEL
Choices
NO_LABEL, SERVICE_LABEL

enable_rhi_snat

Type
bool
Category
optional
Description
Enable Route Health Injection for Source NAT'ted floating IP Address using the BGP Config in the vrf context

static_dns_records

Type
DnsRecord
Category
repeated
Description
List of static DNS records applied to this Virtual Service. These are static entries and no health monitoring is performed against the IP addresses.

ipam_network_subnet

Type
IPNetworkSubnet
Category
optional
Description
Subnet and/or Network for allocating VirtualService IP by IPAM Provider module.

dns_info

Type
DnsInfo
Category
repeated
Description
Service discovery specific data including fully qualified domain name, type and Time-To-Live of the DNS record. Note that only one of fqdn and dns_info setting is allowed.

service_metadata

Type
string
Category
optional
Description
Metadata pertaining to the Service provided by this virtual service. In Openshift/Kubernetes environments, egress pod info is stored. Any user input to this field will be overwritten by Avi Vantage.

traffic_clone_profile_ref

Type
Reference to TrafficCloneProfile
Category
optional
Description
Server network or list of servers for cloning traffic.

content_rewrite

Type
ContentRewriteProfile
Category
optional
Description
Profile used to match and rewrite strings in request and/or response body.

sideband_profile

Type
SidebandProfile
Category
optional
Description
Sideband configuration to be used for this virtualservice.It can be used for sending traffic to sideband VIPs for external inspection etc.

vip

Type
Vip
Category
repeated
Description
List of Virtual Service IPs. While creating a 'Shared VS',please use vsvip_ref to point to the shared entities.

nsx_securitygroup

Type
string
Category
repeated
Description
A list of NSX Service Groups representing the Clients which can access the Virtual IP of the Virtual Service

vsvip_ref

Type
Reference to VsVip
Category
optional
Description
Mostly used during the creation of Shared VS, this fieldrefers to entities that can be shared across Virtual Services.

Service

port

Type
uint32
Category
required
Description
The Virtual Service's port number.

enable_ssl

Type
bool
Category
optional
Description
Enable SSL termination and offload for traffic from clients.
Default
False

override_network_profile_ref

Type
Reference to NetworkProfile
Category
optional
Description
Override the network profile for this specific service port.

port_range_end

Type
uint32
Category
optional
Description
The end of the Virtual Service's port number range.
Default
0

HTTPPolicies

index

Type
int32
Category
required
Description
Index of the virtual service HTTP policy collection

http_policy_set_ref

Type
Reference to HTTPPolicySet
Category
required
Description
UUID of the virtual service HTTP policy collection

DnsPolicies

index

Type
uint32
Category
optional
Description
Index of the dns policy

dns_policy_ref

Type
Reference to DnsPolicy
Category
optional
Description
UUID of the dns policy

PerformanceLimits

max_concurrent_connections

Type
int32
Category
optional
Description
The maximum number of concurrent client conections allowed to the Virtual Service.

max_throughput

Type
int32
Category
optional
Description
The maximum throughput per second for all clients allowed through the client side of the Virtual Service.

AnalyticsPolicy

full_client_logs

Type
FullClientLogs
Category
optional
Description

client_log_filters

Type
ClientLogFilter
Category
repeated
Description

client_insights

Type
enum
Category
optional
Description
Gain insights from sampled client to server HTTP requests and responses.
Default
ACTIVE
Choices
NO_INSIGHTS, PASSIVE, ACTIVE

metrics_realtime_update

Type
MetricsRealTimeUpdate
Category
optional
Description
Settings to turn on realtime metrics and set duration for realtime updates

client_insights_sampling

Type
ClientInsightsSampling
Category
optional
Description

FullClientLogs

enabled

Type
bool
Category
required
Description
Capture all client logs including connections and requests. When disabled, only errors will be logged.
Default
False

duration

Type
uint32
Category
optional
Description
How long should the system capture all logs, measured in minutes. Set to 0 for infinite.
Units
min
Default
30

all_headers

Type
bool
Category
optional
Description
Log all headers.
Default
False

ClientLogFilter

index

Type
uint32
Category
required
Description

name

Type
string
Category
required
Description

client_ip

Type
IpAddrMatch
Category
optional
Description

all_headers

Type
bool
Category
optional
Description
Default
False

uri

Type
StringMatch
Category
optional
Description

enabled

Type
bool
Category
required
Description
Default
False

duration

Type
uint32
Category
optional
Description
Units
min
Default
30

IpAddrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for IP address matching the HTTP request
Choices
IS_IN, IS_NOT_IN

addrs

Type
IpAddr
Category
repeated
Description
IP address(es)

ranges

Type
IpAddrRange
Category
repeated
Description
IP address range(s)

prefixes

Type
IpAddrPrefix
Category
repeated
Description
IP address prefix(es)

group_refs

Type
Reference to IpAddrGroup
Category
repeated
Description
UUID of IP address group(s)

IpAddrRange

begin

Type
IpAddr
Category
required
Description
Starting IP address of the range

end

Type
IpAddr
Category
required
Description
Ending IP address of the range

StringMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for string matching the HTTP request
Choices
BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH

match_str

Type
string
Category
repeated
Description
String value(s)

string_group_refs

Type
Reference to StringGroup
Category
repeated
Description
UUID of the string group(s)

MetricsRealTimeUpdate

enabled

Type
bool
Category
required
Description
Enables real time metrics collection. When disabled, 6 hour view is the most granular the system will track.
Default
False

duration

Type
uint32
Category
optional
Description
Real time metrics collection duration in minutes. 0 for infinite.
Units
min
Default
30

ClientInsightsSampling

skip_uris

Type
StringMatch
Category
optional
Description
URL patterns to avoid when inserting RUM script.

sample_uris

Type
StringMatch
Category
optional
Description
URL patterns to check when inserting RUM script.

client_ip

Type
IpAddrMatch
Category
optional
Description
Client IP addresses to check when inserting RUM script.

DiscoveredNetwork

network_ref

Type
Reference to Network
Category
required
Description
Discovered network for this IP.

subnet

Type
IpAddrPrefix
Category
repeated
Description
Discovered subnet for this IP.

VSDataScripts

index

Type
int32
Category
required
Description
Index of the virtual service datascript collection

vs_datascript_set_ref

Type
Reference to VSDataScriptSet
Category
required
Description
UUID of the virtual service datascript collection

HTTPClientAuthenticationParams

type

Type
enum
Category
optional
Description
type of client authentication
Choices
HTTP_BASIC_AUTH

request_uri_path

Type
StringMatch
Category
optional
Description
Rrequest URI path when the authentication applies

auth_profile_ref

Type
Reference to AuthProfile
Category
optional
Description
Auth Profile to use for validating users

realm

Type
string
Category
optional
Description
Basic authentication realm to present to a user along with the prompt for credentials.

RateProfile

count

Type
int32
Category
optional
Description
Maximum number of connections or requests or packets
Default
0

burst_sz

Type
int32
Category
optional
Description
Maximum number of connections or requests or packets to be let through instantaneously
Default
0

period

Type
int32
Category
optional
Description
Time value in seconds to enforce rate count
Units
sec
Default
1

explicit_tracking

Type
bool
Category
optional
Description
Explicitly tracks an attacker across rate periods
Default
False

fine_grain

Type
bool
Category
optional
Description
Enable fine granularity
Default
False

action

Type
RateLimiterAction
Category
optional
Description
Action to perform upon rate limiting

http_header

Type
string
Category
optional
Description
HTTP header name.

http_cookie

Type
string
Category
optional
Description
HTTP cookie name.

RateLimiterAction

type

Type
enum
Category
optional
Description
Type of action to be enforced upon hitting the rate limit.
Default
RL_ACTION_NONE
Choices
RL_ACTION_NONE, RL_ACTION_DROP_CONN, RL_ACTION_RESET_CONN, RL_ACTION_CLOSE_CONN, RL_ACTION_LOCAL_RSP, RL_ACTION_REDIRECT

redirect

Type
HTTPRedirectAction
Category
optional
Description
Parameters for HTTP Redirect rate limit action.

status_code

Type
enum
Category
optional
Description
HTTP status code for Local Response rate limit action.
Default
HTTP_LOCAL_RESPONSE_STATUS_CODE_429
Choices
HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429

file

Type
HTTPLocalFile
Category
optional
Description
File to be used for HTTP Local response rate limit action.

HTTPRedirectAction

protocol

Type
enum
Category
required
Description
Protocol type
Choices
HTTP, HTTPS

host

Type
URIParam
Category
optional
Description
Host config

port

Type
uint32
Category
optional
Description
Port to which redirect the request

path

Type
URIParam
Category
optional
Description
Path config

keep_query

Type
bool
Category
optional
Description
Keep or drop the query of the incoming request URI in the redirected URI
Default
True

status_code

Type
enum
Category
optional
Description
HTTP redirect status code
Default
HTTP_REDIRECT_STATUS_CODE_302
Choices
HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307

URIParam

type

Type
enum
Category
required
Description
URI param type
Choices
URI_PARAM_TYPE_TOKENIZED

tokens

Type
URIParamToken
Category
repeated
Description
Token config either for the URI components or a constant string

URIParamToken

type

Type
enum
Category
required
Description
Token type for constructing the URI
Choices
URI_TOKEN_TYPE_HOST, URI_TOKEN_TYPE_PATH, URI_TOKEN_TYPE_STRING, URI_TOKEN_TYPE_STRING_GROUP, URI_TOKEN_TYPE_REGEX

start_index

Type
uint32
Category
optional
Description
Index of the starting token in the incoming URI

end_index

Type
uint32
Category
optional
Description
Index of the ending token in the incoming URI

str_value

Type
string
Category
optional
Description
Constant string to use as a token

HTTPLocalFile

content_type

Type
string
Category
required
Description
Mime-type of the content in the file.

file_content

Type
string
Category
required
Description
File content to used in the local HTTP response body.

ServicePoolSelector

service_port

Type
uint32
Category
required
Description
Pool based destination port

service_pool_ref

Type
Reference to Pool
Category
optional
Description

service_protocol

Type
enum
Category
optional
Description
Destination protocol to match for the pool selection. If not specified, it will match any protocol.
Choices
PROTOCOL_TYPE_TCP_PROXY, PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH

service_pool_group_ref

Type
Reference to PoolGroup
Category
optional
Description

DnsRecord

fqdn

Type
string
Category
repeated
Description
Fully Qualified Domain Name

type

Type
enum
Category
required
Description
DNS record type
Choices
DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY

ttl

Type
uint32
Category
optional
Description
Time To Live for this DNS record

ip_address

Type
DnsARdata
Category
repeated
Description
IP address in A record

service_locator

Type
DnsSrvRdata
Category
repeated
Description
Service locator info in SRV record

cname

Type
DnsCnameRdata
Category
optional
Description
Canonical name in CNAME record

ns

Type
DnsNsRdata
Category
repeated
Description
Name Server information in NS record

num_records_in_response

Type
uint32
Category
optional
Description
Specifies the number of records returned by the DNS service. Enter 0 to return all records. Default is 0
Default
0

algorithm

Type
enum
Category
optional
Description
Specifies the algorithm to pick the IP address(es) to be returned, when multiple entries are configured. This does not apply if num_records_in_response is 0. Default is round-robin.
Default
DNS_RECORD_RESPONSE_ROUND_ROBIN
Choices
DNS_RECORD_RESPONSE_ROUND_ROBIN, DNS_RECORD_RESPONSE_CONSISTENT_HASH

wildcard_match

Type
bool
Category
optional
Description
Enable wild-card match of fqdn: if an exact match is not found in the DNS table, the longest match is chosen by wild-carding the fqdn in the DNS request. Default is false.
Default
False

delegated

Type
bool
Category
optional
Description
Configured FQDNs are delegated domains (i.e. they represent a zone cut).
Default
False

description

Type
string
Category
optional
Description
Details of DNS record

DnsARdata

ip_address

Type
IpAddr
Category
required
Description
IP address for fqdn

DnsSrvRdata

priority

Type
uint32
Category
optional
Description
Priority of the target hosting the service, low value implies higher priority for this service record
Default
0

weight

Type
uint32
Category
optional
Description
Relative weight for service records with same priority, high value implies higher preference for this service record
Default
0

target

Type
string
Category
optional
Description
Canonical hostname, of the machine hosting the service, with no trailing period. 'default.host' is valid but not 'default.host.'
Default
default.host

port

Type
uint32
Category
required
Description
Service port

DnsCnameRdata

cname

Type
string
Category
required
Description
Canonical name

DnsNsRdata

nsname

Type
string
Category
required
Description
Name Server name

ip_address

Type
IpAddr
Category
optional
Description
IP address for Name Server

IPNetworkSubnet

network_ref

Type
Reference to Network
Category
optional
Description
Network for VirtualService IP allocation with Vantage as the IPAM provider. Network should be created before this is configured.

subnet

Type
IpAddrPrefix
Category
optional
Description
Subnet for VirtualService IP allocation with Vantage or Infoblox as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed.

subnet_uuid

Type
string
Category
optional
Description
Subnet UUID or Name or Prefix for VirtualService IP allocation with AWS or OpenStack as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed.

DnsInfo

fqdn

Type
string
Category
optional
Description
Fully qualified domain name.

ttl

Type
uint32
Category
optional
Description
Time to live for fqdn record. Default value is chosen from DNS profile for this cloud if no value provided.

type

Type
enum
Category
optional
Description
DNS record type
Default
DNS_RECORD_A
Choices
DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY

num_records_in_response

Type
uint32
Category
optional
Description
Specifies the number of records returned for this FQDN. Enter 0 to return all records. Default is 0
Default
1

algorithm

Type
enum
Category
optional
Description
Specifies the algorithm to pick the IP address(es) to be returned, when multiple entries are configured. This does not apply if num_records_in_response is 0. Default is consistent hash.
Default
DNS_RECORD_RESPONSE_CONSISTENT_HASH
Choices
DNS_RECORD_RESPONSE_ROUND_ROBIN, DNS_RECORD_RESPONSE_CONSISTENT_HASH

ContentRewriteProfile

rewritable_content_ref

Type
Reference to StringGroup
Category
optional
Description
Rewrite only content types listed in this string group. Content types not present in this list are not rewritten.
Default
/api/stringgroup?name=System-Rewritable-Content-Types

request_rewrite_enabled

Type
bool
Category
optional
Description
Enable rewrite on request body.
Default
False

response_rewrite_enabled

Type
bool
Category
optional
Description
Enable rewrite on response body.
Default
False

req_match_replace_pair

Type
MatchReplacePair
Category
repeated
Description
Strings to be matched and replaced with on the request body.

rsp_match_replace_pair

Type
MatchReplacePair
Category
repeated
Description
Strings to be matched and replaced with on the response body.

MatchReplacePair

match_string

Type
string
Category
optional
Description
String to be matched.

replacement_string

Type
ReplaceStringVar
Category
optional
Description
Replacement string.

ReplaceStringVar

type

Type
enum
Category
optional
Description
Type of replacement string - can be a variable exposed from datascript, value of an HTTP header or a custom user-input literal string.
Choices
DATASCRIPT_VAR, HTTP_HEADER_VAR, LITERAL_STRING

val

Type
string
Category
optional
Description
Value of the replacement string - name of variable exposed from datascript, name of the HTTP header or a custom user-input literal string.

SidebandProfile

ip

Type
IpAddr
Category
repeated
Description
IP Address of the sideband server.

sideband_max_request_body_size

Type
int32
Category
optional
Description
Maximum size of the request body that will be sent on the sideband.
Default
1024

Vip

vip_id

Type
string
Category
optional
Description
Unique ID associated with the vip.

ip_address

Type
IpAddr
Category
optional
Description
IP Address of the Vip.

enabled

Type
bool
Category
optional
Description
Enable or disable the Vip.
Default
True

network_ref

Type
Reference to Network
Category
optional
Description
Manually override the network on which the Vip is placed.

port_uuid

Type
string
Category
optional
Description
(internal-use) Network port assigned to the Vip IP address.

subnet_uuid

Type
string
Category
optional
Description
If auto_allocate_ip is True, then the subnet for the Vip IP address allocation. This field is applicable only if the VirtualService belongs to an Openstack or AWS cloud, in which case it is mandatory, if auto_allocate is selected.

subnet

Type
IpAddrPrefix
Category
optional
Description
Subnet providing reachability for client facing Vip IP.

discovered_networks

Type
DiscoveredNetwork
Category
repeated
Description
Discovered networks providing reachability for client facing Vip IP.

availability_zone

Type
string
Category
optional
Description
Availability-zone to place the Virtual Service.

auto_allocate_ip

Type
bool
Category
optional
Description
Auto-allocate VIP from the provided subnet.
Default
False

floating_ip

Type
IpAddr
Category
optional
Description
Floating IP to associate with this Vip.

auto_allocate_floating_ip

Type
bool
Category
optional
Description
Auto-allocate floating/elastic IP from the Cloud infrastructure.
Default
False

floating_subnet_uuid

Type
string
Category
optional
Description
If auto_allocate_floating_ip is True and more than one floating-ip subnets exist, then the subnet for the floating IP address allocation.

avi_allocated_vip

Type
bool
Category
optional
Description
(internal-use) VIP allocated by Avi in the Cloud infrastructure.
Default
False

avi_allocated_fip

Type
bool
Category
optional
Description
(internal-use) FIP allocated by Avi in the Cloud infrastructure.
Default
False

ipam_network_subnet

Type
IPNetworkSubnet
Category
optional
Description
Subnet and/or Network for allocating VirtualService IP by IPAM Provider module.

SeList

se_ref

Type
Reference to ServiceEngine
Category
required
Description

is_primary

Type
bool
Category
optional
Description
Default
True

is_standby

Type
bool
Category
optional
Description
Default
False

is_connected

Type
bool
Category
optional
Description
Default
True

delete_in_progress

Type
bool
Category
optional
Description
Default
False

vcpus

Type
int32
Category
optional
Description
Default
2

memory

Type
int32
Category
optional
Description
Default
2001

vip_intf_mac

Type
string
Category
optional
Description
Default

vip_subnet_mask

Type
int32
Category
optional
Description
Default
32

vnic

Type
VsSeVnic
Category
repeated
Description

pending_download

Type
bool
Category
optional
Description
Default
False

sec_idx

Type
int32
Category
optional
Description
Default
1

download_selist_only

Type
bool
Category
optional
Description
Default
False

vlan_id

Type
int32
Category
optional
Description
Default
0

snat_ip

Type
IpAddr
Category
optional
Description

vip_intf_ip

Type
IpAddr
Category
optional
Description

vip_intf_list

Type
SeVipInterfaceList
Category
repeated
Description

floating_intf_ip

Type
IpAddr
Category
repeated
Description

is_portchannel

Type
bool
Category
optional
Description
Default
False

scalein_in_progress

Type
bool
Category
optional
Description
Default
False

admin_down_requested

Type
bool
Category
optional
Description
Default
False

at_curr_ver

Type
bool
Category
optional
Description
Default
True

version

Type
string
Category
optional
Description
Default
0.0.0

gslb_download

Type
bool
Category
optional
Description
This flag indicates whether the gslb, ghm, gs objects have been pushed to the DNS-VS's SE.
Default
False

geo_download

Type
bool
Category
optional
Description
This flag indicates whether the geo-files have been pushed to the DNS-VS's SE.
Default
False

geodb_download

Type
bool
Category
optional
Description
This flag indicates whether the geodb object has been pushed to the DNS-VS's SE.
Default
False

VsSeVnic

mac

Type
string
Category
required
Description

type

Type
enum
Category
required
Description
Choices
VNIC_TYPE_FE, VNIC_TYPE_BE, VNIC_TYPE_INT_PRIMARY, VNIC_TYPE_INT_SECONDARY, VNIC_TYPE_INT

lif

Type
string
Category
optional
Description

SeVipInterfaceList

vip_intf_mac

Type
string
Category
required
Description

vlan_id

Type
int32
Category
optional
Description
Default
0

vip_intf_ip

Type
IpAddr
Category
optional
Description

is_portchannel

Type
bool
Category
optional
Description
Default
False

DebugVirtualService

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

flags

Type
DebugVsDataplane
Category
repeated
Description

debug_ip

Type
DebugIpAddr
Category
optional
Description

capture

Type
bool
Category
optional
Description

capture_params

Type
DebugVirtualServiceCapture
Category
optional
Description

se_params

Type
DebugVirtualServiceSeParams
Category
optional
Description

debug_hm

Type
enum
Category
optional
Description
This option controls the capture of Health Monitor flows.
Default
DEBUG_VS_HM_NONE
Choices
DEBUG_VS_HM_NONE, DEBUG_VS_HM_ONLY, DEBUG_VS_HM_INCLUDE

tenant_ref

Type
Reference to Tenant
Category
optional
Description

cloud_ref

Type
Reference to Cloud
Category
optional,readonly
Description
Default
/api/cloud?name=Default-Cloud

DebugVsDataplane

flag

Type
enum
Category
required
Description
Choices
DEBUG_VS_TCP_CONNECTION, DEBUG_VS_TCP_PKT, DEBUG_VS_TCP_APP, DEBUG_VS_TCP_APP_PKT, DEBUG_VS_TCP_RETRANSMIT, DEBUG_VS_TCP_TIMER, DEBUG_VS_TCP_CONN_ERROR, DEBUG_VS_TCP_PKT_ERROR, DEBUG_VS_TCP_REXMT, DEBUG_VS_TCP_ALL, DEBUG_VS_CREDIT, DEBUG_VS_PROXY_CONNECTION, DEBUG_VS_PROXY_PKT, DEBUG_VS_PROXY_ERR, DEBUG_VS_UDP, DEBUG_VS_UDP_PKT, DEBUG_VS_HM, DEBUG_VS_HM_ERR, DEBUG_VS_HM_PKT, DEBUG_VS_HTTP_CORE, DEBUG_VS_HTTP_ALL, DEBUG_VS_CONFIG, DEBUG_VS_EVENTS, DEBUG_VS_HTTP_RULES, DEBUG_VS_HM_EXT, DEBUG_VS_SSL, DEBUG_VS_ALL, DEBUG_VS_ERROR, DEBUG_VS_NONE

DebugIpAddr

addrs

Type
IpAddr
Category
repeated
Description

ranges

Type
IpAddrRange
Category
repeated
Description

prefixes

Type
IpAddrPrefix
Category
repeated
Description

DebugVirtualServiceCapture

pkt_size

Type
uint32
Category
optional
Description
Number of bytes of each packet to capture. Use 0 to capture the entire packet.
Default
128

duration

Type
uint32
Category
optional
Description
Number of minutes to capture packets. Use 0 to capture until manually stopped.
Units
min
Default
0

num_pkts

Type
uint32
Category
optional
Description
Total number of packets to capture.

DebugVirtualServiceSeParams

se_uuids

Type
string
Category
repeated
Description

TLSTicket

name

Type
string
Category
required
Description

aes_key

Type
Unknown
Category
required
Description

hmac_key

Type
Unknown
Category
required
Description

Pool

uuid

Type
string
Category
required
Description
UUID of the pool

name

Type
string
Category
required
Description
The name of the pool.

default_server_port

Type
int32
Category
optional
Description
Traffic sent to servers will use this destination server port unless overridden by the server's specific port attribute. The SSL checkbox enables Avi to server encryption.
Default
80

graceful_disable_timeout

Type
int32
Category
optional
Description
Used to gracefully disable a server. Virtual service waits for the specified time before terminating the existing connections to the servers that are disabled.
Units
min
Default
1

connection_ramp_duration

Type
int32
Category
optional
Description
Duration for which new connections will be gradually ramped up to a server recently brought online. Useful for LB algorithms that are least connection based.
Units
min
Default
10

max_concurrent_connections_per_server

Type
int32
Category
optional
Description
The maximum number of concurrent connections allowed to each server within the pool. NOTE: applied value will be no less than the number of service engines that the pool is placed on. If set to 0, no limit is applied.
Default
0

health_monitor_refs

Type
Reference to HealthMonitor
Category
repeated
Description
Verify server health by applying one or more health monitors. Active monitors generate synthetic traffic from each Service Engine and mark a server up or down based on the response. The Passive monitor listens only to client to server communication. It raises or lowers the ratio of traffic destined to a server based on successful responses.

servers

Type
Server
Category
repeated
Description
The pool directs load balanced traffic to this list of destination servers. The servers can be configured by IP address, name, network or via IP Address Group

server_count

Type
int32
Category
optional
Description
Default
0

lb_algorithm

Type
enum
Category
optional
Description
The load balancing algorithm will pick a server within the pool's list of available servers.
Default
LB_ALGORITHM_LEAST_CONNECTIONS
Choices
LB_ALGORITHM_LEAST_CONNECTIONS, LB_ALGORITHM_ROUND_ROBIN, LB_ALGORITHM_FASTEST_RESPONSE, LB_ALGORITHM_CONSISTENT_HASH, LB_ALGORITHM_LEAST_LOAD, LB_ALGORITHM_FEWEST_SERVERS, LB_ALGORITHM_RANDOM, LB_ALGORITHM_FEWEST_TASKS, LB_ALGORITHM_NEAREST_SERVER

lb_algorithm_hash

Type
enum
Category
optional
Description
Criteria used as a key for determining the hash between the client and server.
Default
LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS
Choices
LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS, LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT, LB_ALGORITHM_CONSISTENT_HASH_URI, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_HEADER

lb_algorithm_consistent_hash_hdr

Type
string
Category
optional
Description
HTTP header name to be used for the hash key.

networks

Type
NetworkFilter
Category
repeated
Description
(internal-use) Networks designated as containing servers for this pool. The servers may be further narrowed down by a filter. This field is used internally by Avi, not editable by the user.

placement_networks

Type
PlacementNetwork
Category
repeated
Description
Manually select the networks and subnets used to provide reachability to the pool's servers. Specify the Subnet using the following syntax: 10-1-1-0/24. Use static routes in VRF configuration when pool servers are not directly connected butroutable from the service engine.

application_persistence_profile_ref

Type
Reference to ApplicationPersistenceProfile
Category
optional
Description
Persistence will ensure the same user sticks to the same server for a desired duration of time.

ssl_profile_ref

Type
Reference to SSLProfile
Category
optional
Description
When enabled, Avi re-encrypts traffic to the backend servers. The specific SSL profile defines which ciphers and SSL versions will be supported.

inline_health_monitor

Type
bool
Category
optional
Description
The Passive monitor will monitor client to server connections and requests and adjust traffic load to servers based on successful responses. This may alter the expected behavior of the LB method, such as Round Robin.
Default
True

use_service_port

Type
bool
Category
optional
Description
Do not translate the client's destination port when sending the connection to the server. The pool or servers specified service port will still be used for health monitoring.
Default
False

fail_action

Type
FailAction
Category
optional
Description
Enable an action - Close Connection, HTTP Redirect, Local HTTP Response, or Backup Pool - when a pool failure happens. By default, a connection will be closed, in case the pool experiences a failure.

capacity_estimation

Type
bool
Category
optional
Description
Inline estimation of capacity of servers.
Default
False

capacity_estimation_ttfb_thresh

Type
uint32
Category
optional
Description
The maximum time-to-first-byte of a server.
Default
0

pki_profile_ref

Type
Reference to PKIProfile
Category
optional
Description
Avi will validate the SSL certificate present by a server against the selected PKI Profile.

ssl_key_and_certificate_ref

Type
Reference to SSLKeyAndCertificate
Category
optional
Description
Service Engines will present a client SSL certificate to the server.

server_auto_scale

Type
bool
Category
optional
Description
Server AutoScale. Not used anymore.
Default
False

prst_hdr_name

Type
string
Category
optional
Description
Header name for custom header persistence

apic_epg_name

Type
string
Category
optional
Description
Synchronize Cisco APIC EPG members with pool servers

autoscale_networks

Type
string
Category
repeated
Description
Network Ids for the launch configuration

autoscale_policy_ref

Type
Reference to ServerAutoScalePolicy
Category
optional
Description
Reference to Server Autoscale Policy

autoscale_launch_config_ref

Type
Reference to AutoScaleLaunchConfig
Category
optional
Description
If configured then Avi will trigger orchestration of pool server creation and deletion. It is only supported for container clouds like Mesos, Opensift, Kubernates, Docker etc.

vrf_ref

Type
Reference to VrfContext
Category
optional,readonly
Description
Virtual Routing Context that the pool is bound to. This is used to provide the isolation of the set of networks the pool is attached to. The pool inherits the Virtual Routing Conext of the Virtual Service, and this field is used only internally, and is set by pb-transform.

ipaddrgroup_ref

Type
Reference to IpAddrGroup
Category
optional
Description
Use list of servers from Ip Address Group

fewest_tasks_feedback_delay

Type
uint32
Category
optional
Description
Periodicity of feedback for fewest tasks server selection algorithm.
Units
sec
Default
10

enabled

Type
bool
Category
optional
Description
Enable or disable the pool. Disabling will terminate all open connections and pause health monitors.
Default
True

max_conn_rate_per_server

Type
RateProfile
Category
optional
Description
Rate Limit connections to each server.

east_west

Type
bool
Category
optional
Description
Inherited config from VirtualService.

created_by

Type
string
Category
optional
Description
Creator name

cloud_config_cksum

Type
string
Category
optional
Description
Checksum of cloud configuration for Pool. Internally set by cloud connector

request_queue_enabled

Type
bool
Category
optional
Description
Enable request queue when pool is full
Default
False

request_queue_depth

Type
uint32
Category
optional
Description
Minimum number of requests to be queued when pool is full.
Default
128

ab_pool

Type
AbPool
Category
optional
Description
A/B pool configuration.

server_reselect

Type
HTTPServerReselect
Category
optional
Description
Server reselect configuration for HTTP requests.

a_pool

Type
string
Category
optional
Description
Name of container cloud application that constitutes A pool in a A-B pool configuration, if different from VS app

ab_priority

Type
uint32
Category
optional
Description
Priority of this pool in a A-B pool pair. Internally used

host_check_enabled

Type
bool
Category
optional
Description
Enable common name check for server certificate. If enabled and no explicit domain name is specified, Avi will use the incoming host header to do the match.
Default
False

domain_name

Type
string
Category
repeated
Description
Comma separated list of domain names which will be used to verify the common names or subject alternative names presented by server certificates. It is performed only when common name check host_check_enabled is enabled.

sni_enabled

Type
bool
Category
optional
Description
Enable TLS SNI for server connections. If disabled, Avi will not send the SNI extension as part of the handshake.
Default
True

server_name

Type
string
Category
optional
Description
Fully qualified DNS hostname which will be used in the TLS SNI extension in server connections if SNI is enabled. If no value is specified, Avi will use the incoming host header instead.

rewrite_host_header_to_sni

Type
bool
Category
optional
Description
If SNI server name is specified, rewrite incoming host header to the SNI server name.
Default
False

rewrite_host_header_to_server_name

Type
bool
Category
optional
Description
Rewrite incoming Host Header to server name of the server to which the request is proxied. Enabling this feature rewrites Host Header for requests to all servers in the pool.
Default
False

nsx_securitygroup

Type
string
Category
repeated
Description
A list of NSX Service Groups where the Servers for the Pool are created

external_autoscale_groups

Type
string
Category
repeated
Description
Names of external auto-scale groups for pool servers. Currently available only for AWS

description

Type
string
Category
optional
Description
A description of the pool.

tenant_ref

Type
Reference to Tenant
Category
optional
Description

cloud_ref

Type
Reference to Cloud
Category
optional,readonly
Description
Default
/api/cloud?name=Default-Cloud

Server

ip

Type
IpAddr
Category
required
Description
IP Address of the server. Required if there is no resolvable host name.

port

Type
int32
Category
optional
Description
Optionally specify the servers port number. This will override the pool's default server port attribute.

hostname

Type
string
Category
optional
Description
DNS resolvable name of the server. May be used in place of the IP address.

enabled

Type
bool
Category
optional
Description
Enable, Disable or Graceful Disable determine if new or existing connections to the server are allowed.
Default
True

ratio

Type
int32
Category
optional
Description
Ratio of selecting eligible servers in the pool
Default
1

vm_ref

Type
Reference to VIMgrVMRuntime
Category
optional
Description
(internal-use) This field is used internally by Avi, not editable by the user.

nw_ref

Type
Reference to VIMgrNWRuntime
Category
optional
Description
(internal-use) This field is used internally by Avi, not editable by the user.

discovered_network_ref

Type
Reference to Network
Category
repeated
Description
(internal-use) Discovered network for this server. This field is deprecated.

external_uuid

Type
string
Category
optional
Description
UUID identifying VM in OpenStack and other external compute

discovered_subnet

Type
IpAddrPrefix
Category
repeated
Description
(internal-use) Discovered subnet for this server. This field is deprecated.

verify_network

Type
bool
Category
optional
Description
Verify server belongs to a discovered network or reachable via a discovered network. Verify reachable network isn't the OpenStack management network
Default
False

discovered_networks

Type
DiscoveredNetwork
Category
repeated
Description
(internal-use) Discovered networks providing reachability for server IP. This field is used internally by Avi, not editable by the user.

resolve_server_by_dns

Type
bool
Category
optional
Description
Auto resolve server's IP using DNS name
Default
False

prst_hdr_val

Type
string
Category
optional
Description
Header value for custom header persistence.

mac_address

Type
string
Category
optional
Description
MAC address of server.

static

Type
bool
Category
optional
Description
If statically learned.
Default
False

server_node

Type
string
Category
optional
Description
Hostname of the node where the server VM or container resides

availability_zone

Type
string
Category
optional
Description
Availability-zone of the server VM.

rewrite_host_header

Type
bool
Category
optional
Description
Rewrite incoming Host Header to server name.
Default
False

external_orchestration_id

Type
string
Category
optional
Description
UID of server in external orchestration systems

description

Type
string
Category
optional
Description
A description of the Server.

location

Type
GeoLocation
Category
optional,readonly
Description
(internal-use) Geographic location of the server.Currently only for internal usage.

autoscaling_group_name

Type
string
Category
optional,readonly
Description
Name of autoscaling group this server belongs to.

GeoLocation

latitude

Type
float
Category
optional
Description
Latitude of the location.

longitude

Type
float
Category
optional
Description
Longitude of the location.

name

Type
string
Category
optional
Description
Location name in the format Country/State/City.

tag

Type
string
Category
optional
Description
Location tag string - example: USEast.

NetworkFilter

network_ref

Type
Reference to VIMgrNWRuntime
Category
required
Description

server_filter

Type
string
Category
optional
Description

PlacementNetwork

network_ref

Type
Reference to Network
Category
required
Description

subnet

Type
IpAddrPrefix
Category
optional
Description

FailAction

type

Type
enum
Category
required
Description
Enables a response to client when pool experiences a failure. By default TCP connection is closed.
Default
FAIL_ACTION_CLOSE_CONN
Choices
FAIL_ACTION_HTTP_REDIRECT, FAIL_ACTION_HTTP_LOCAL_RSP, FAIL_ACTION_CLOSE_CONN, FAIL_ACTION_BACKUP_POOL

redirect

Type
FailActionHTTPRedirect
Category
optional
Description
URL to redirect HTTP requests to when pool experiences a failure

local_rsp

Type
FailActionHTTPLocalResponse
Category
optional
Description
Local response to HTTP requests when pool experiences a failure

backup_pool

Type
FailActionBackupPool
Category
optional
Description
Backup Pool when pool experiences a failure

FailActionHTTPRedirect

protocol

Type
enum
Category
optional
Description
Default
HTTPS
Choices
HTTP, HTTPS

host

Type
string
Category
required
Description

path

Type
string
Category
optional
Description

query

Type
string
Category
optional
Description

status_code

Type
enum
Category
optional
Description
Default
HTTP_REDIRECT_STATUS_CODE_302
Choices
HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307

FailActionHTTPLocalResponse

status_code

Type
enum
Category
optional
Description
Default
FAIL_HTTP_STATUS_CODE_503
Choices
FAIL_HTTP_STATUS_CODE_200, FAIL_HTTP_STATUS_CODE_503

file

Type
HTTPLocalFile
Category
optional
Description

FailActionBackupPool

backup_pool_ref

Type
Reference to Pool
Category
required
Description
Specifies the UUID of the Pool acting as backup pool.

AbPool

pool_ref

Type
Reference to Pool
Category
required
Description
Pool configured as B pool for A/B testing

ratio

Type
uint32
Category
optional
Description
Ratio of traffic diverted to the B pool, for A/B testing
Default
0

HTTPServerReselect

enabled

Type
bool
Category
required
Description
Enable HTTP request reselect when server responds with specific response codes.
Default
False

svr_resp_code

Type
HTTPReselectRespCode
Category
optional
Description
Server response codes which will trigger an HTTP request retry.

num_retries

Type
uint32
Category
optional
Description
Number of times to retry an HTTP request when server responds with configured status codes.
Default
4

retry_nonidempotent

Type
bool
Category
optional
Description
Allow retry of non-idempotent HTTP requests.
Default
False

HTTPReselectRespCode

codes

Type
int32
Category
repeated
Description
HTTP response code to be matched.

ranges

Type
HTTPStatusRange
Category
repeated
Description
HTTP response code ranges to match.

resp_code_block

Type
enum
Category
repeated
Description
Block of HTTP response codes to match for server reselect.
Choices
HTTP_RSP_4XX, HTTP_RSP_5XX

HTTPStatusRange

begin

Type
int32
Category
required
Description
Starting HTTP response status code

end

Type
int32
Category
required
Description
Ending HTTP response status code

HealthMonitor

uuid

Type
string
Category
required
Description
UUID of the health monitor.

name

Type
string
Category
required
Description
A user friendly name for this health monitor.

send_interval

Type
int32
Category
optional
Description
Frequency, in seconds, that monitors are sent to a server.
Units
sec
Default
10

receive_timeout

Type
int32
Category
optional
Description
A valid response from the server is expected within the receive timeout window. This timeout must be less than the send interval. If server status is regularly flapping up and down, consider increasing this value.
Units
sec
Default
4

successful_checks

Type
int32
Category
optional
Description
Number of continuous successful health checks before server is marked up.
Default
2

failed_checks

Type
int32
Category
optional
Description
Number of continuous failed health checks before the server is marked down.
Default
2

type

Type
enum
Category
required
Description
Type of the health monitor.
Choices
HEALTH_MONITOR_PING, HEALTH_MONITOR_TCP, HEALTH_MONITOR_HTTP, HEALTH_MONITOR_HTTPS, HEALTH_MONITOR_EXTERNAL, HEALTH_MONITOR_UDP, HEALTH_MONITOR_DNS, HEALTH_MONITOR_GSLB

tcp_monitor

Type
HealthMonitorTcp
Category
optional
Description

http_monitor

Type
HealthMonitorHttp
Category
optional
Description

https_monitor

Type
HealthMonitorHttp
Category
optional
Description

external_monitor

Type
HealthMonitorExternal
Category
optional
Description

udp_monitor

Type
HealthMonitorUdp
Category
optional
Description

dns_monitor

Type
HealthMonitorDNS
Category
optional
Description

monitor_port

Type
int32
Category
optional
Description
Use this port instead of the port defined for the server in the Pool. If the monitor succeeds to this port, the load balanced traffic will still be sent to the port of the server defined within the Pool.

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

HealthMonitorTcp

tcp_request

Type
string
Category
optional
Description
Request data to send after completing the TCP handshake.

tcp_response

Type
string
Category
optional
Description
Match for the desired keyword in the first 2Kb of the server's TCP response. If this field is left blank, no server response is required.

maintenance_response

Type
string
Category
optional
Description
Match or look for this keyword in the first 2KB of server's response indicating server maintenance. A successful match results in the server being marked down.

tcp_half_open

Type
bool
Category
optional
Description
Configure TCP health monitor to use half-open TCP connections to monitor the health of backend servers thereby avoiding consumption of a full fledged server side connection and the overhead and logs associated with it. This method is light-weight as it makes use of listener in server's kernel layer to measure the health and a child socket or user thread is not created on the server side.
Default
False

HealthMonitorHttp

http_request

Type
string
Category
optional
Description
Send an HTTP request to the server. The default GET / HTTP/1.0 may be extended with additional headers or information. For instance, GET /index.htm HTTP/1.1 Host: www.site.com Connection: Close
Default
GET / HTTP/1.0

http_response_code

Type
enum
Category
repeated
Description
List of HTTP response codes to match as successful. Default is 2xx.
Choices
HTTP_ANY, HTTP_1XX, HTTP_2XX, HTTP_3XX, HTTP_4XX, HTTP_5XX

http_response

Type
string
Category
optional
Description
Match for a keyword in the first 2Kb of the server header and body response.

maintenance_code

Type
uint32
Category
repeated
Description
Match or look for this HTTP response code indicating server maintenance. A successful match results in the server being marked down.

maintenance_response

Type
string
Category
optional
Description
Match or look for this keyword in the first 2KB of server header and body response indicating server maintenance. A successful match results in the server being marked down.

ssl_attributes

Type
HealthMonitorSSLAttributes
Category
optional
Description
SSL attributes for HTTPS health monitor.

HealthMonitorSSLAttributes

ssl_profile_ref

Type
Reference to SSLProfile
Category
optional
Description
SSL profile defines ciphers and SSL versions to be used for healthmonitor traffic to the back-end servers.

pki_profile_ref

Type
Reference to PKIProfile
Category
optional
Description
PKI profile used to validate the SSL certificate presented by a server.

ssl_key_and_certificate_ref

Type
Reference to SSLKeyAndCertificate
Category
optional
Description
Service engines will present this SSL certificate to the server.

HealthMonitorExternal

command_path

Type
string
Category
optional
Description
Path of external health monitor script.

command_parameters

Type
string
Category
optional
Description
Optional arguments to feed into the script.

command_code

Type
string
Category
required
Description
Command script provided inline.

command_variables

Type
string
Category
optional
Description
Environment variables to be fed into the script.

HealthMonitorUdp

udp_request

Type
string
Category
optional
Description
Send UDP request.

udp_response

Type
string
Category
optional
Description
Match for keyword in the UDP response.

maintenance_response

Type
string
Category
optional
Description
Match or look for this keyword in the first 2KB of server's response indicating server maintenance. A successful match results in the server being marked down.

HealthMonitorDNS

query_name

Type
string
Category
required
Description
The DNS monitor will query the DNS server for the fully qualified name in this field.

qtype

Type
enum
Category
optional
Description
Query_Type: Response has atleast one answer of which the resource record type matches the query type Any_Type: Response should contain atleast one answer AnyThing: An empty answer is enough
Default
DNS_QUERY_TYPE
Choices
DNS_QUERY_TYPE, DNS_ANY_TYPE, DNS_ANY_THING

rcode

Type
enum
Category
optional
Description
When No Error is selected, a DNS query will be marked failed is any error code is returned by the server. With Any selected, the monitor ignores error code in the responses.
Default
RCODE_NO_ERROR
Choices
RCODE_NO_ERROR, RCODE_ANYTHING

response_string

Type
string
Category
optional
Description
The resource record of the queried DNS server's response for the Request Name must include the IP address defined in this field.

NetworkProfile

uuid

Type
string
Category
required
Description
UUID of the network profile.

name

Type
string
Category
required
Description
The name of the network profile.

profile

Type
NetworkProfileUnion
Category
required
Description

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

NetworkProfileUnion

type

Type
enum
Category
required
Description
Configure one of either proxy or fast path profiles.
Default
PROTOCOL_TYPE_TCP_PROXY
Choices
PROTOCOL_TYPE_TCP_PROXY, PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH

tcp_proxy_profile

Type
TCPProxyProfile
Category
optional
Description

tcp_fast_path_profile

Type
TCPFastPathProfile
Category
optional
Description

udp_fast_path_profile

Type
UDPFastPathProfile
Category
optional
Description

TCPProxyProfile

automatic

Type
bool
Category
optional
Description
Dynamically pick the relevant parameters for connections.
Default
True

idle_connection_type

Type
enum
Category
optional
Description
Controls the behavior of idle connections.
Default
KEEP_ALIVE
Choices
KEEP_ALIVE, CLOSE_IDLE

idle_connection_timeout

Type
int32
Category
optional
Description
The duration for keepalive probes or session idle timeout. Max value is 3600 seconds, min is 60. Set to 0 to allow infinite idle time.
Units
sec
Default
600

ignore_time_wait

Type
bool
Category
optional
Description
A new SYN is accepted from the same 4-tuple even if there is already a connection in TIME_WAIT state. This is equivalent of setting Time Wait Delay to 0
Default
False

time_wait_delay

Type
int32
Category
optional
Description
The time (in millisec) to wait before closing a connection in the TIME_WAIT state.
Default
2000

max_retransmissions

Type
int32
Category
optional
Description
The number of attempts at retransmit before closing the connection.
Default
8

max_syn_retransmissions

Type
int32
Category
optional
Description
The maximum number of attempts at retransmitting a SYN packet before giving up.
Default
8

receive_window

Type
int32
Category
optional
Description
Size of the receive window.
Units
kb
Default
64

use_interface_mtu

Type
bool
Category
optional
Description
Use the interface MTU to calculate the TCP max segment size.
Default
True

max_segment_size

Type
int32
Category
optional
Description
Maximum TCP segment size.

nagles_algorithm

Type
bool
Category
optional
Description
Consolidates small data packets to send clients fewer but larger packets. Adversely affects real time protocols such as telnet or SSH.
Default
False

ip_dscp

Type
int32
Category
optional
Description
Controls the value of the Differentiated Services Code Point field inserted in the IP header. This has two options: Set to a specific value, or Pass Through, which uses the incoming DSCP value.
Default
0

cc_algo

Type
enum
Category
optional
Description
Controls the congestion control algorithm we use.
Default
CC_ALGO_NEW_RENO
Choices
CC_ALGO_NEW_RENO, CC_ALGO_CUBIC, CC_ALGO_HTCP

aggressive_congestion_avoidance

Type
bool
Category
optional
Description
Controls the our congestion window to send, normally it's 1 mss, If this option is turned on, we use 10 msses
Default
False

TCPFastPathProfile

session_idle_timeout

Type
int32
Category
optional
Description
The amount of time (in sec) for which a connection needs to be idle before it is eligible to be deleted.
Units
sec
Default
300

enable_syn_protection

Type
bool
Category
optional
Description
When enabled, Avi will complete the 3-way handshake with the client before forwarding any packets to the server. This will protect the server from SYN flood and half open SYN connections.
Default
False

UDPFastPathProfile

session_idle_timeout

Type
int32
Category
optional
Description
The amount of time (in sec) for which a flow needs to be idle before it is deleted.
Units
sec
Default
10

per_pkt_loadbalance

Type
bool
Category
optional
Description
When enabled, every UDP packet is considered a new transaction and may be load balanced to a different server. When disabled, packets from the same client source IP and port are sent to the same server.
Default
False

snat

Type
bool
Category
optional
Description
When disabled, Source NAT will not be performed for all client UDP packets
Default
True

ApplicationProfile

uuid

Type
string
Category
required
Description
UUID of the application profile.

name

Type
string
Category
required
Description
The name of the application profile.

type

Type
enum
Category
required
Description
Specifies which application layer proxy is enabled for the virtual service.
Choices
APPLICATION_PROFILE_TYPE_L4, APPLICATION_PROFILE_TYPE_HTTP, APPLICATION_PROFILE_TYPE_SYSLOG, APPLICATION_PROFILE_TYPE_DNS, APPLICATION_PROFILE_TYPE_SSL

http_profile

Type
HTTPApplicationProfile
Category
optional
Description
Specifies the HTTP application proxy profile parameters.

dos_rl_profile

Type
DosRateLimitProfile
Category
optional
Description
Specifies various security related controls for virtual service.

tcp_app_profile

Type
TCPApplicationProfile
Category
optional
Description
Specifies the TCP application proxy profile parameters.

dns_service_profile

Type
DnsServiceApplicationProfile
Category
optional
Description
Specifies various DNS service related controls for virtual service.

preserve_client_ip

Type
bool
Category
optional
Description
Specifies if client IP needs to be preserved for backend connection. Not compatible with Connection Multiplexing.
Default
False

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

HTTPApplicationProfile

connection_multiplexing_enabled

Type
bool
Category
optional
Description
Allows HTTP requests, not just TCP connections, to be load balanced across servers. Proxied TCP connections to servers may be reused by multiple clients to improve performance. Not compatible with Preserve Client IP.
Default
True

xff_enabled

Type
bool
Category
optional
Description
The client's original IP address is inserted into an HTTP request header sent to the server. Servers may use this address for logging or other purposes, rather than Avi's source NAT address used in the Avi to server IP connection.
Default
True

xff_alternate_name

Type
string
Category
optional
Description
Provide a custom name for the X-Forwarded-For header sent to the servers.
Default
X-Forwarded-For

ssl_everywhere_enabled

Type
bool
Category
optional
Description
Enable common settings to increase the level of security for virtual services running HTTP and HTTPS. For sites that are HTTP only, these settings will have no effect.
Default
False

hsts_enabled

Type
bool
Category
optional
Description
Inserts HTTP Strict-Transport-Security header in the HTTPS response. HSTS can help mitigate man-in-the-middle attacks by telling browsers that support HSTS that they should only access this site via HTTPS.
Default
False

hsts_max_age

Type
uint64
Category
optional
Description
Number of days for which the client should regard this virtual service as a known HSTS host.
Default
365

secure_cookie_enabled

Type
bool
Category
optional
Description
Mark server cookies with the 'Secure' attribute. Client browsers will not send a cookie marked as secure over an unencrypted connection. If Avi is terminating SSL from clients and passing it as HTTP to the server, the server may return cookies without the secure flag set.
Default
False

httponly_enabled

Type
bool
Category
optional
Description
Mark HTTP cookies as HTTPonly. This helps mitigate cross site scripting attacks as browsers will not allow these cookies to be read by third parties, such as javascript.
Default
False

http_to_https

Type
bool
Category
optional
Description
Client requests received via HTTP will be redirected to HTTPS.
Default
False

server_side_redirect_to_https

Type
bool
Category
optional
Description
When terminating client SSL sessions at Avi, servers may incorrectly send redirect to clients as HTTP. This option will rewrite the server's redirect responses for this virtual service from HTTP to HTTPS.
Default
False

x_forwarded_proto_enabled

Type
bool
Category
optional
Description
Insert an X-Forwarded-Proto header in the request sent to the server. When the client connects via SSL, Avi terminates the SSL, and then forwards the requests to the servers via HTTP, so the servers can determine the original protocol via this header. In this example, the value will be 'https'.
Default
False

compression_profile

Type
CompressionProfile
Category
optional
Description
HTTP Compression settings to use with this HTTP Profile.

spdy_enabled

Type
bool
Category
optional
Description
Enable SPDY proxy for traffic from clients to the virtual service. SPDY requires SSL from the clients to Avi. Avi ADC will proxy the SPDY protocol, and forward requests to servers as HTTP 1.1.
Default
False

spdy_fwd_proxy_mode

Type
bool
Category
optional
Description
Enable fwd proxy mode with SPDY. This makes the Proxy combine the :host and :uri spdy headers to create a fwd-proxy style request URI
Default
False

post_accept_timeout

Type
int32
Category
optional
Description
The max allowed length of time between a client establishing a TCP connection until Avi receives the first byte of the client's HTTP request.
Default
30000

client_header_timeout

Type
int32
Category
optional
Description
The maximum length of time allowed for a client to transmit an entire request header. This helps mitigate various forms of SlowLoris attacks.
Default
10000

client_body_timeout

Type
int32
Category
optional
Description
The maximum length of time allowed between consecutive read operations for a client request body. The value '0' specifies no timeout. This setting generally impacts the length of time allowed for a client to send a POST.
Default
30000

keepalive_timeout

Type
int32
Category
optional
Description
The max idle time allowed between HTTP requests over a Keep-alive connection.
Default
30000

client_max_header_size

Type
int32
Category
optional
Description
Maximum size in Kbytes of a single HTTP header in the client request.
Units
kb
Default
12

client_max_request_size

Type
int32
Category
optional
Description
Maximum size in Kbytes of all the client HTTP request headers.
Units
kb
Default
48

client_max_body_size

Type
Unknown
Category
optional
Description
Maximum size for the client request body. This limits the size of the client data that can be uploaded/posted as part of a single HTTP Request. Default 0 => Unlimited.
Units
kb
Default
0

cache_config

Type
HttpCacheConfig
Category
optional
Description
HTTP Caching config to use with this HTTP Profile.

max_rps_unknown_uri

Type
uint32
Category
optional
Description
Maximum unknown URIs per second.
Default
0

max_rps_cip

Type
uint32
Category
optional
Description
Maximum requests per second per client IP.
Default
0

max_rps_uri

Type
uint32
Category
optional
Description
Maximum requests per second per URI.
Default
0

max_rps_cip_uri

Type
uint32
Category
optional
Description
Maximum requests per second per client IP and URI.
Default
0

ssl_client_certificate_action

Type
SSLClientCertificateAction
Category
optional
Description
Set of match/action rules that govern what happens when the client certificate request is enabled

ssl_client_certificate_mode

Type
enum
Category
optional
Description
Specifies whether the client side verification is set to none, request or require.
Default
SSL_CLIENT_CERTIFICATE_NONE
Choices
SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE

pki_profile_ref

Type
Reference to PKIProfile
Category
optional
Description
Select the PKI profile to be associated with the Virtual Service. This profile defines the Certificate Authority and Revocation List.

websockets_enabled

Type
bool
Category
optional
Description
Enable Websockets proxy for traffic from clients to the virtual service. Connections to this VS start in HTTP mode. If the client requests an Upgrade to Websockets, and the server responds back with success, then the connection is upgraded to WebSockets mode.
Default
True

max_rps_unknown_cip

Type
uint32
Category
optional
Description
Maximum unknown client IPs per second.
Default
0

max_bad_rps_cip

Type
uint32
Category
optional
Description
Maximum bad requests per second per client IP.
Default
0

max_bad_rps_uri

Type
uint32
Category
optional
Description
Maximum bad requests per second per URI.
Default
0

max_bad_rps_cip_uri

Type
uint32
Category
optional
Description
Maximum bad requests per second per client IP and URI.
Default
0

keepalive_header

Type
bool
Category
optional
Description
Send HTTP 'Keep-Alive' header to the client. By default, the timeout specified in the 'Keep-Alive Timeout' field will be used unless the 'Use App Keepalive Timeout' flag is set, in which case the timeout sent by the application will be honored.
Default
False

use_app_keepalive_timeout

Type
bool
Category
optional
Description
Use 'Keep-Alive' header timeout sent by application instead of sending the HTTP Keep-Alive Timeout.
Default
False

allow_dots_in_header_name

Type
bool
Category
optional
Description
Allow use of dot (.) in HTTP header names, for instance Header.app.special: PickAppVersionX.
Default
False

disable_keepalive_posts_msie6

Type
bool
Category
optional
Description
Disable keep-alive client side connections for older browsers based off MS Internet Explorer 6.0 (MSIE6). For some applications, this might break NTLM authentication for older clients based off MSIE6. For such applications, set this option to false to allow keep-alive connections.
Default
True

enable_request_body_buffering

Type
bool
Category
optional
Description
Enable request body buffering for POST requests. If enabled, max buffer size is set to lower of 32M or the value (non-zero) configured in client_max_body_size.
Default
False

CompressionProfile

compression

Type
bool
Category
required
Description
Compress HTTP response content if it wasn't already compressed.
Default
False

remove_accept_encoding_header

Type
bool
Category
required
Description
Offload compression from the servers to AVI. Saves compute cycles on the servers.
Default
True

compressible_content_ref

Type
Reference to StringGroup
Category
optional
Description
Compress only content types listed in this string group. Content types not present in this list are not compressed.
Default
/api/stringgroup?name=System-Compressible-Content-Types

type

Type
enum
Category
required
Description
Compress content automatically or add custom filters to define compressible content and compression levels.
Default
AUTO_COMPRESSION
Choices
AUTO_COMPRESSION, CUSTOM_COMPRESSION

filter

Type
CompressionFilter
Category
repeated
Description
Custom filters used when auto compression is not selected.

CompressionFilter

name

Type
string
Category
required
Description

index

Type
int32
Category
required
Description

match

Type
enum
Category
optional
Description
Whether to apply Filter when group criteria is matched or not
Default
IS_IN
Choices
IS_IN, IS_NOT_IN

ip_addrs_ref

Type
Reference to IpAddrGroup
Category
optional
Description

ip_addrs

Type
IpAddr
Category
repeated
Description

ip_addr_ranges

Type
IpAddrRange
Category
repeated
Description

ip_addr_prefixes

Type
IpAddrPrefix
Category
repeated
Description

devices_ref

Type
Reference to StringGroup
Category
optional
Description

user_agent

Type
string
Category
repeated
Description

level

Type
enum
Category
required
Description
Default
NORMAL_COMPRESSION
Choices
AGGRESSIVE_COMPRESSION, NORMAL_COMPRESSION, NO_COMPRESSION

HttpCacheConfig

enabled

Type
bool
Category
optional
Description
Enable/disable HTTP object caching.
Default
False

xcache_header

Type
bool
Category
optional
Description
Add an X-Cache header to content served from cache, which indicates to the client that the object was server from an intermediate cache.
Default
True

age_header

Type
bool
Category
optional
Description
Add an Age header to content served from cache, which indicates to the client the number of seconds the object has been in the cache.
Default
True

date_header

Type
bool
Category
optional
Description
If a Date header was not added by the server, add a Date header to the object served from cache. This indicates to the client when the object was originally sent by the server to the cache.
Default
True

min_object_size

Type
uint32
Category
optional
Description
Minimum size of an object to store in the cache.
Default
100

max_object_size

Type
uint32
Category
optional
Description
Maximum size of an object to store in the cache.
Default
4194304

default_expire

Type
uint32
Category
optional
Description
Default expiration time of cache objects received from the server without a Cache-Control expiration header. This value may be overwritten by the Heuristic Expire setting.
Default
600

heuristic_expire

Type
bool
Category
optional
Description
If a response object from the server does not include the Cache-Control header, but does include a Last-Modified header, the system will use this time to calculate the Cache-Control expiration. If unable to solicit an Last-Modified header, then the system will fall back to the Cache Expire Time value.
Default
False

max_cache_size

Type
uint64
Category
optional
Description
Max size, in bytes, of the cache. The default, zero, indicates auto configuration.
Default
0

query_cacheable

Type
bool
Category
optional
Description
Allow caching of objects whose URI included a query argument. When disabled, these objects are not cached. When enabled, the request must match the URI query to be considered a hit.
Default
False

mime_types_list

Type
string
Category
repeated
Description
Whitelist of cacheable mime types. If both Cacheable Mime Types string list and string group are empty, this defaults to */*

mime_types_group_refs

Type
Reference to StringGroup
Category
repeated
Description
Whitelist string group of cacheable mime types. If both Cacheable Mime Types string list and string group are empty, this defaults to */*

aggressive

Type
bool
Category
optional
Description
Enable/disable caching objects without Cache-Control headers
Default
False

mime_types_black_list

Type
string
Category
repeated
Description
Blacklist of non-cacheable mime types

mime_types_black_group_refs

Type
Reference to StringGroup
Category
repeated
Description
Blacklist string group of non-cacheable mime types

SSLClientCertificateAction

headers

Type
SSLClientRequestHeader
Category
repeated
Description

close_connection

Type
bool
Category
optional
Description
Default
False

SSLClientRequestHeader

request_header

Type
string
Category
optional
Description
If this header exists, reset the connection. If the ssl variable is specified, add a header with this value

request_header_value

Type
enum
Category
optional
Description
Set the request header with the value as indicated by this SSL variable. Eg. send the whole certificate in PEM format
Choices
HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER

DosRateLimitProfile

rl_profile

Type
RateLimiterProfile
Category
optional
Description
Profile for Connections/Requests rate limiting.

dos_profile

Type
DosThresholdProfile
Category
optional
Description
Profile for DoS attack detection.

RateLimiterProfile

client_ip_connections_rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit all connections made from any single client IP address to the Virtual Service.

client_ip_requests_rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit all HTTP requests from any single client IP address to all URLs of the Virtual Service.

uri_requests_rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit all HTTP requests from all client IP addresses to any single URL.

client_ip_to_uri_requests_rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit all HTTP requests from any single client IP address to any single URL.

client_ip_failed_requests_rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit all requests from a client for a specified period of time once the count of failed requests from that client crosses a threshold for that period. Clients are tracked based on their IP address. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests.

uri_failed_requests_rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit all requests to a URI for a specified period of time once the count of failed requests to that URI crosses a threshold for that period. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests.

client_ip_to_uri_failed_requests_rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit all requests from a client to a URI for a specified period of time once the count of failed requests from that client to the URI crosses a threshold for that period. Clients are tracked based on their IP address. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests.

client_ip_scanners_requests_rate_limit

Type
RateProfile
Category
optional
Description
Automatically track clients and classify them into 3 groups - Good, Bad, Unknown. Clients are tracked based on their IP Address. Clients are added to the Good group when the Avi Scan Detection system builds history of requests from them that complete successfully. Clients are added to Unknown group when there is insufficient history about them. Requests from such clients are rate limited to the rate specified in the RateProfile. Finally, Clients with history of failed requests are added to Bad group and their requests are rate limited with stricter thresholds than the Unknown Clients group. The Avi Scan Detection system automatically tunes itself so that the Good, Bad, and Unknown client IPs group membership changes dynamically with the changes in traffic patterns through the ADC.

uri_scanners_requests_rate_limit

Type
RateProfile
Category
optional
Description
Automatically track URIs and classify them into 3 groups - Good, Bad, Unknown. URIs are added to the Good group when the Avi Scan Detection system builds history of requests to URIs that complete successfully. URIs are added to Unknown group when there is insufficient history about them. Requests for such URIs are rate limited to the rate specified in the RateProfile. Finally, URIs with history of failed requests are added to Bad group and requests to them are rate limited with stricter thresholds than the Unknown URIs group. The Avi Scan Detection system automatically tunes itself so that the Good, Bad, and Unknown URIs group membership changes dynamically with the changes in traffic patterns through the ADC.

http_header_rate_limits

Type
RateProfile
Category
repeated
Description
Rate Limit all HTTP requests from all client IP addresses that contain any single HTTP header value.

DosThresholdProfile

thresh_period

Type
int32
Category
required
Description
Timer value in seconds to collect DoS attack metrics based on threshold on the Service Engine for this Virtual Service.
Units
sec
Default
5

thresh_info

Type
DosThreshold
Category
repeated
Description
Attack type, min and max values for DoS attack detection.

DosThreshold

attack

Type
enum
Category
required
Description
Attack type.
Choices
LAND, SMURF, ICMP_PING_FLOOD, UNKOWN_PROTOCOL, TEARDROP, IP_FRAG_OVERRUN, IP_FRAG_TOOSMALL, IP_FRAG_FULL, IP_FRAG_INCOMPLETE, PORT_SCAN, TCP_NON_SYN_FLOOD_OLD, SYN_FLOOD, BAD_RST_FLOOD, MALFORMED_FLOOD, FAKE_SESSION, ZERO_WINDOW_STRESS, SMALL_WINDOW_STRESS, DOS_HTTP_TIMEOUT, DOS_HTTP_ERROR, DOS_HTTP_ABORT, DOS_SSL_ERROR, DOS_APP_ERROR, DOS_REQ_IP_RL_DROP, DOS_REQ_URI_RL_DROP, DOS_REQ_URI_SCAN_BAD_RL_DROP, DOS_REQ_URI_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_URI_RL_DROP, DOS_CONN_IP_RL_DROP, DOS_SLOW_URL, TCP_NON_SYN_FLOOD, DOS_REQ_CIP_SCAN_BAD_RL_DROP, DOS_REQ_CIP_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_RL_DROP_BAD, DOS_REQ_URI_RL_DROP_BAD, DOS_REQ_IP_URI_RL_DROP_BAD, POLICY_DROPS, DOS_CONN_RL_DROP, DOS_REQ_RL_DROP

min_value

Type
int32
Category
required
Description
Minimum number of packets or connections or requests in a given interval of time to be deemed as attack.

max_value

Type
int32
Category
required
Description
Maximum number of packets or connections or requests in a given interval of time to be deemed as attack.

TCPApplicationProfile

proxy_protocol_enabled

Type
bool
Category
optional
Description
Enable/Disable the usage of proxy protocol to convey client connection information to the back-end servers. Valid only for L4 application profiles and TCP proxy.
Default
False

proxy_protocol_version

Type
enum
Category
optional
Description
Version of proxy protocol to be used to convey client connection information to the back-end servers.
Default
PROXY_PROTOCOL_VERSION_1
Choices
PROXY_PROTOCOL_VERSION_1, PROXY_PROTOCOL_VERSION_2

DnsServiceApplicationProfile

num_dns_ip

Type
uint32
Category
optional
Description
Specifies the number of IP addresses returned by the DNS Service. Enter 0 to return all IP addresses
Default
1

ttl

Type
uint32
Category
optional
Description
Specifies the TTL value (in seconds) for records served by DNS Service
Units
sec
Default
30

error_response

Type
enum
Category
optional
Description
Drop or respond to client when the DNS service encounters an error processing a client query. By default, such a request is dropped without any response, or passed through to a passthrough pool, if configured. When set to respond, an appropriate response is sent to client, e.g. NXDOMAIN response for non-existent records, empty NOERROR response for unsupported queries, etc.
Default
DNS_ERROR_RESPONSE_NONE
Choices
DNS_ERROR_RESPONSE_ERROR, DNS_ERROR_RESPONSE_NONE

domain_names

Type
string
Category
repeated
Description
Subdomain names serviced by this Virtual Service. These are configured as Ends-With semantics

edns

Type
bool
Category
optional
Description
Enable DNS service to be aware of EDNS (Extension mechanism for DNS). EDNS extensions are parsed and shown in logs. For GSLB services, the EDNS subnet option can be used to influence Load Balancing.
Default
False

dns_over_tcp_enabled

Type
bool
Category
optional
Description
Enable DNS query/response over TCP. This enables analytics for pass-through queries as well.
Default
True

aaaa_empty_response

Type
bool
Category
optional
Description
Respond to AAAA queries with empty response when there are only IPV4 records
Default
True

HTTPSecurityPolicy

rules

Type
HTTPSecurityRule
Category
repeated
Description
Add rules to the HTTP security policy

HTTPSecurityRule

name

Type
string
Category
required
Description
Name of the rule

index

Type
int32
Category
required
Description
Index of the rule

enable

Type
bool
Category
required
Description
Enable or disable the rule
Default
True

match

Type
MatchTarget
Category
optional
Description
Add match criteria to the rule

action

Type
HTTPSecurityAction
Category
optional
Description
Action to be performed upon successful matching

log

Type
bool
Category
optional
Description
Log HTTP request upon rule match

MatchTarget

client_ip

Type
IpAddrMatch
Category
optional
Description
Configure client ip addresses

vs_port

Type
PortMatch
Category
optional
Description
Configure virtual service ports

protocol

Type
ProtocolMatch
Category
optional
Description
Configure the type of HTTP protocol

method

Type
MethodMatch
Category
optional
Description
Configure HTTP methods

version

Type
HTTPVersionMatch
Category
optional
Description
Configure versions of the HTTP protocol

path

Type
PathMatch
Category
optional
Description
Configure request paths

query

Type
QueryMatch
Category
optional
Description
Configure request query

hdrs

Type
HdrMatch
Category
repeated
Description
Configure HTTP header(s)

cookie

Type
CookieMatch
Category
optional
Description
Configure HTTP cookie(s)

host_hdr

Type
HostHdrMatch
Category
optional
Description
Configure the host header

PortMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for port matching the HTTP request
Choices
IS_IN, IS_NOT_IN

ports

Type
uint32
Category
repeated
Description
Listening TCP port(s)

ProtocolMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for protocol matching the HTTP request
Choices
IS_IN, IS_NOT_IN

protocols

Type
enum
Category
required
Description
HTTP or HTTPS protocol
Choices
HTTP, HTTPS

MethodMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for HTTP method matching the method in the HTTP request
Choices
IS_IN, IS_NOT_IN

methods

Type
enum
Category
repeated
Description
Configure HTTP method(s)
Choices
HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE

HTTPVersionMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for HTTP version matching the version used in the HTTP request
Choices
IS_IN, IS_NOT_IN

versions

Type
enum
Category
repeated
Description
HTTP protocol version
Choices
ZERO_NINE, ONE_ZERO, ONE_ONE

PathMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching the path in the HTTP request URI
Choices
BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the matching
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

match_str

Type
string
Category
repeated
Description
String values

string_group_refs

Type
Reference to StringGroup
Category
repeated
Description
UUID of the string group(s)

QueryMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching the query in HTTP request URI
Choices
QUERY_MATCH_CONTAINS

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

match_str

Type
string
Category
repeated
Description
String value(s)

string_group_refs

Type
Reference to StringGroup
Category
repeated
Description
UUID of the string group(s)

HdrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching headers in the HTTP request
Choices
HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

hdr

Type
string
Category
required
Description
Name of the HTTP header whose value is to be matched

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

value

Type
string
Category
repeated
Description
String values to match in the HTTP header

CookieMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching the cookie in the HTTP request
Choices
HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

name

Type
string
Category
required
Description
Name of the cookie

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

value

Type
string
Category
optional
Description
String value in the cookie

HostHdrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for the host header value match
Choices
HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

value

Type
string
Category
repeated
Description
String value(s) in the host header

HTTPSecurityAction

action

Type
enum
Category
required
Description
Type of the security action to perform
Choices
HTTP_SECURITY_ACTION_CLOSE_CONN, HTTP_SECURITY_ACTION_SEND_RESPONSE, HTTP_SECURITY_ACTION_ALLOW, HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS, HTTP_SECURITY_ACTION_RATE_LIMIT

status_code

Type
enum
Category
optional
Description
HTTP status code to use for local response
Choices
HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429

https_port

Type
uint32
Category
optional
Description
Secure SSL/TLS port to redirect the HTTP request to

file

Type
HTTPLocalFile
Category
optional
Description
File to be used for generating HTTP local response

rate_limit

Type
RateProfile
Category
optional
Description
Rate Limit profile to be used to rate-limit the flow

HTTPRequestPolicy

rules

Type
HTTPRequestRule
Category
repeated
Description
Add rules to the HTTP request policy

HTTPRequestRule

name

Type
string
Category
required
Description
Name of the rule

index

Type
int32
Category
required
Description
Index of the rule

enable

Type
bool
Category
required
Description
Enable or disable the rule
Default
True

match

Type
MatchTarget
Category
optional
Description
Add match criteria to the rule

redirect_action

Type
HTTPRedirectAction
Category
optional
Description
HTTP redirect action

hdr_action

Type
HTTPHdrAction
Category
repeated
Description
HTTP header rewrite action

rewrite_url_action

Type
HTTPRewriteURLAction
Category
optional
Description
HTTP request URL rewrite action

switching_action

Type
HTTPSwitchingAction
Category
optional
Description
Content switching action

log

Type
bool
Category
optional
Description
Log HTTP request upon rule match

all_headers

Type
bool
Category
optional
Description
Log all HTTP headers upon rule match

HTTPHdrAction

action

Type
enum
Category
required
Description
ADD: A new header with the new value is added irrespective of the existence of an HTTP header of the given name. REPLACE: A new header with the new value is added if no header of the given name exists, else existing headers with the given name are removed and a new header with the new value is added. REMOVE: All the headers of the given name are removed.
Choices
HTTP_ADD_HDR, HTTP_REMOVE_HDR, HTTP_REPLACE_HDR

hdr

Type
HTTPHdrData
Category
optional
Description
HTTP header information

cookie

Type
HTTPCookieData
Category
optional
Description
Cookie information

HTTPHdrData

name

Type
string
Category
optional
Description
HTTP header name

value

Type
HTTPHdrValue
Category
optional
Description
HTTP header value

HTTPHdrValue

var

Type
enum
Category
optional
Description
Variable
Choices
HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER

val

Type
string
Category
optional
Description
HTTP header value or variable representing an HTTP header

HTTPCookieData

name

Type
string
Category
optional
Description
Cookie name

value

Type
string
Category
optional
Description
Cookie value

HTTPRewriteURLAction

host_hdr

Type
URIParam
Category
optional
Description
Host config

path

Type
URIParam
Category
optional
Description
Path config

query

Type
URIParamQuery
Category
optional
Description
Query config

URIParamQuery

keep_query

Type
bool
Category
optional
Description
Use or drop the query of the incoming request URI in the request URI to the backend server
Default
True

add_string

Type
string
Category
optional
Description
Concatenate a string to the query of the incoming request URI and then use it in the request URI going to the backend server

HTTPSwitchingAction

action

Type
enum
Category
required
Description
Content switching action type
Choices
HTTP_SWITCHING_SELECT_POOL, HTTP_SWITCHING_SELECT_LOCAL, HTTP_SWITCHING_SELECT_POOLGROUP

pool_ref

Type
Reference to Pool
Category
optional
Description
UUID of the pool of servers to serve the request

status_code

Type
enum
Category
optional
Description
HTTP status code to use when serving local response
Choices
HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429

file

Type
HTTPLocalFile
Category
optional
Description
File from which to serve local response to the request

server

Type
PoolServer
Category
optional
Description
Specific pool server to select

pool_group_ref

Type
Reference to PoolGroup
Category
optional
Description
UUID of the pool group to serve the request

PoolServer

ip

Type
IpAddr
Category
required
Description
IP address of the server in the poool

hostname

Type
string
Category
optional
Description
DNS resolvable name of the server. May be used in place of the IP address.

port

Type
uint32
Category
optional
Description
Port of the pool server listening for HTTP/HTTPS. Default value is the default port in the pool.

HTTPResponsePolicy

rules

Type
HTTPResponseRule
Category
repeated
Description
Add rules to the HTTP response policy

HTTPResponseRule

name

Type
string
Category
required
Description
Name of the rule

index

Type
int32
Category
required
Description
Index of the rule

enable

Type
bool
Category
required
Description
Enable or disable the rule
Default
True

match

Type
ResponseMatchTarget
Category
optional
Description
Add match criteria to the rule

hdr_action

Type
HTTPHdrAction
Category
repeated
Description
HTTP header rewrite action

loc_hdr_action

Type
HTTPRewriteLocHdrAction
Category
optional
Description
Location header rewrite action

log

Type
bool
Category
optional
Description
Log HTTP request upon rule match

all_headers

Type
bool
Category
optional
Description
Log all HTTP headers upon rule match

ResponseMatchTarget

client_ip

Type
IpAddrMatch
Category
optional
Description
Configure client ip addresses

vs_port

Type
PortMatch
Category
optional
Description
Configure virtual service ports

protocol

Type
ProtocolMatch
Category
optional
Description
Configure the type of HTTP protocol

method

Type
MethodMatch
Category
optional
Description
Configure HTTP methods

version

Type
HTTPVersionMatch
Category
optional
Description
Configure versions of the HTTP protocol

path

Type
PathMatch
Category
optional
Description
Configure request paths

query

Type
QueryMatch
Category
optional
Description
Configure request query

hdrs

Type
HdrMatch
Category
repeated
Description
Configure HTTP headers

cookie

Type
CookieMatch
Category
optional
Description
Configure HTTP cookie(s)

host_hdr

Type
HostHdrMatch
Category
optional
Description
Configure the host header

loc_hdr

Type
LocationHdrMatch
Category
optional
Description
Configure the location header

status

Type
HTTPStatusMatch
Category
optional
Description
Configure the HTTP status code(s)

rsp_hdrs

Type
HdrMatch
Category
repeated
Description
Configure the HTTP headers in response

LocationHdrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching location header value in the HTTP response
Choices
HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL

match_case

Type
enum
Category
optional
Description
Case sensitivity to use for the match
Default
INSENSITIVE
Choices
SENSITIVE, INSENSITIVE

value

Type
string
Category
repeated
Description
String value(s) in the location header

HTTPStatusMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for matching the HTTP response status code(s)
Choices
IS_IN, IS_NOT_IN

status_codes

Type
int32
Category
repeated
Description
HTTP response status code(s)

ranges

Type
HTTPStatusRange
Category
repeated
Description
HTTP response status code range(s)

HTTPRewriteLocHdrAction

protocol

Type
enum
Category
required
Description
HTTP protocol type
Choices
HTTP, HTTPS

port

Type
uint32
Category
optional
Description
Port to use in the redirected URI

host

Type
URIParam
Category
optional
Description
Host config

path

Type
URIParam
Category
optional
Description
Path config

keep_query

Type
bool
Category
optional
Description
Keep or drop the query from the server side redirect URI
Default
True

IpAddrGroup

uuid

Type
string
Category
required
Description
UUID of the IP address group

name

Type
string
Category
required
Description
Name of the IP address group

addrs

Type
IpAddr
Category
repeated
Description
Configure IP address(es)

ranges

Type
IpAddrRange
Category
repeated
Description
Configure IP address range(s)

prefixes

Type
IpAddrPrefix
Category
repeated
Description
Configure IP address prefix(es)

country_codes

Type
string
Category
repeated
Description
Populate the IP address ranges from the geo database for this country

apic_epg_name

Type
string
Category
optional
Description
Populate IP addresses from members of this Cisco APIC EPG

ip_ports

Type
IpAddrPort
Category
repeated
Description
Configure (IP address, port) tuple(s)

marathon_app_name

Type
string
Category
optional
Description
Populate IP addresses from tasks of this Marathon app

marathon_service_port

Type
uint32
Category
optional
Description
Task port associated with marathon service port. If Marathon app has multiple service ports, this is required. Else, the first task port is used

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

IpAddrPort

ip

Type
IpAddr
Category
optional
Description
IP Address of host. One of IP address or hostname should be set

port

Type
uint32
Category
required
Description
Port number of server

hostname

Type
string
Category
optional
Description
Hostname of server. One of IP address or hostname should be set

name

Type
string
Category
optional
Description

StringGroup

uuid

Type
string
Category
required
Description
UUID of the string group

name

Type
string
Category
required
Description
Name of the string group

kv

Type
KeyValue
Category
repeated
Description
Configure Key:Value in the string group

type

Type
enum
Category
required
Description
Type of StringGroup.
Default
SG_TYPE_STRING
Choices
SG_TYPE_STRING, SG_TYPE_KEYVAL

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

KeyValue

key

Type
string
Category
required
Description
Key

value

Type
string
Category
optional
Description
Value

SSLProfile

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

accepted_versions

Type
SSLVersion
Category
repeated
Description
Set of versions accepted by the server

accepted_ciphers

Type
string
Category
optional
Description
Ciphers suites represented as defined by U(http://www.openssl.org/docs/apps/ciphers.html)
Default
AES:3DES:RC4

cipher_enums

Type
enum
Category
repeated
Description
Choices
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA

tags

Type
Tag
Category
repeated
Description

ssl_rating

Type
SSLRating
Category
optional
Description

send_close_notify

Type
bool
Category
optional
Description
Send 'close notify' alert message for a clean shutdown of the SSL connection.
Default
True

dhparam

Type
string
Category
optional,readonly
Description
DH Parameters used in SSL. At this time, it is not configurable and is set to 2048 bits.

prefer_client_cipher_ordering

Type
bool
Category
optional
Description
Prefer the SSL cipher ordering presented by the client during the SSL handshake over the one specified in the SSL Profile.
Default
False

enable_ssl_session_reuse

Type
bool
Category
optional
Description
Enable SSL session re-use.
Default
True

ssl_session_timeout

Type
uint32
Category
optional
Description
The amount of time before an SSL session expires.
Units
sec
Default
86400

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

SSLVersion

type

Type
enum
Category
required
Description
Default
SSL_VERSION_TLS1_1
Choices
SSL_VERSION_TLS1, SSL_VERSION_TLS1_1, SSL_VERSION_TLS1_2

Tag

value

Type
string
Category
required
Description

type

Type
enum
Category
optional
Description
Default
USER_DEFINED
Choices
AVI_DEFINED, USER_DEFINED, VCENTER_DEFINED

SSLRating

security_score

Type
string
Category
optional
Description

performance_rating

Type
enum
Category
optional
Description
Choices
SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT

compatibility_rating

Type
enum
Category
optional
Description
Choices
SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT

SSLKeyAndCertificate

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

type

Type
enum
Category
optional
Description
Default
SSL_CERTIFICATE_TYPE_VIRTUALSERVICE
Choices
SSL_CERTIFICATE_TYPE_VIRTUALSERVICE, SSL_CERTIFICATE_TYPE_SYSTEM, SSL_CERTIFICATE_TYPE_CA

certificate

Type
SSLCertificate
Category
required
Description

key_params

Type
SSLKeyParams
Category
optional
Description

key

Type
string
Category
optional
Description
Private key

status

Type
enum
Category
optional
Description
Default
SSL_CERTIFICATE_FINISHED
Choices
SSL_CERTIFICATE_FINISHED, SSL_CERTIFICATE_PENDING

ca_certs

Type
CertificateAuthority
Category
repeated
Description
CA certificates in certificate chain

enckey_base64

Type
string
Category
optional
Description
Encrypted private key corresponding to the private key (e.g. those generated by an HSM such as Thales nShield)

enckey_name

Type
string
Category
optional
Description
Name of the encrypted private key (e.g. those generated by an HSM such as Thales nShield)

hardwaresecuritymodulegroup_ref

Type
Reference to HardwareSecurityModuleGroup
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

certificate_management_profile_ref

Type
Reference to CertificateManagementProfile
Category
optional
Description

dynamic_params

Type
CustomParams
Category
repeated
Description
Dynamic parameters needed for certificate management profile

created_by

Type
string
Category
optional
Description
Creator name

SSLCertificate

version

Type
string
Category
optional
Description

serial_number

Type
string
Category
optional
Description

self_signed

Type
bool
Category
optional
Description

issuer

Type
SSLCertificateDescription
Category
optional
Description

subject

Type
SSLCertificateDescription
Category
optional
Description

key_params

Type
SSLKeyParams
Category
optional
Description

public_key

Type
string
Category
optional
Description

signature_algorithm

Type
string
Category
optional
Description

signature

Type
string
Category
optional
Description

not_before

Type
string
Category
optional
Description

not_after

Type
string
Category
optional
Description

certificate

Type
string
Category
optional
Description

certificate_signing_request

Type
string
Category
optional
Description

text

Type
string
Category
optional
Description

fingerprint

Type
string
Category
optional
Description

expiry_status

Type
enum
Category
optional
Description
Default
SSL_CERTIFICATE_GOOD
Choices
SSL_CERTIFICATE_GOOD, SSL_CERTIFICATE_EXPIRY_WARNING, SSL_CERTIFICATE_EXPIRED

chain_verified

Type
bool
Category
optional
Description

subject_alt_names

Type
string
Category
repeated
Description
subjectAltName that provides additional subject identities

days_until_expire

Type
int32
Category
optional
Description
Default
365

SSLCertificateDescription

common_name

Type
string
Category
optional
Description

email_address

Type
string
Category
optional
Description

organization_unit

Type
string
Category
optional
Description

organization

Type
string
Category
optional
Description

locality

Type
string
Category
optional
Description

state

Type
string
Category
optional
Description

country

Type
string
Category
optional
Description

distinguished_name

Type
string
Category
optional
Description

SSLKeyParams

algorithm

Type
enum
Category
required
Description
Default
SSL_KEY_ALGORITHM_RSA
Choices
SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC

rsa_params

Type
SSLKeyRSAParams
Category
optional
Description

ec_params

Type
SSLKeyECParams
Category
optional
Description

SSLKeyRSAParams

key_size

Type
enum
Category
optional
Description
Default
SSL_KEY_2048_BITS
Choices
SSL_KEY_1024_BITS, SSL_KEY_2048_BITS, SSL_KEY_3072_BITS, SSL_KEY_4096_BITS

exponent

Type
uint32
Category
optional
Description
Default
65537

SSLKeyECParams

curve

Type
enum
Category
optional
Description
Default
SSL_KEY_EC_CURVE_SECP256R1
Choices
SSL_KEY_EC_CURVE_SECP256R1, SSL_KEY_EC_CURVE_SECP384R1, SSL_KEY_EC_CURVE_SECP521R1

CertificateAuthority

name

Type
string
Category
optional
Description

ca_ref

Type
Reference to SSLKeyAndCertificate
Category
optional
Description

CustomParams

name

Type
string
Category
required
Description

value

Type
string
Category
optional
Description

is_sensitive

Type
bool
Category
optional
Description
Default
False

is_dynamic

Type
bool
Category
optional
Description
Default
False

NetworkSecurityPolicy

uuid

Type
string
Category
required
Description

name

Type
string
Category
optional
Description

rules

Type
NetworkSecurityRule
Category
repeated
Description

created_by

Type
string
Category
optional
Description
Creator name

cloud_config_cksum

Type
string
Category
optional
Description
Checksum of cloud configuration for Network Sec Policy. Internally set by cloud connector

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
optional
Description

NetworkSecurityRule

name

Type
string
Category
required
Description

index

Type
uint32
Category
required
Description

enable

Type
bool
Category
required
Description

match

Type
NetworkSecurityMatchTarget
Category
required
Description

action

Type
enum
Category
required
Description
Choices
NETWORK_SECURITY_POLICY_ACTION_TYPE_ALLOW, NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY, NETWORK_SECURITY_POLICY_ACTION_TYPE_RATE_LIMIT

log

Type
bool
Category
optional
Description
Default
False

rl_param

Type
NetworkSecurityPolicyActionRLParam
Category
optional
Description

age

Type
uint32
Category
optional
Description
Time in minutes after which rule will be deleted.
Units
min
Default
0

created_by

Type
string
Category
optional
Description
Creator name

NetworkSecurityMatchTarget

client_ip

Type
IpAddrMatch
Category
optional
Description

vs_port

Type
PortMatch
Category
optional
Description

microservice

Type
MicroServiceMatch
Category
optional
Description

MicroServiceMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for Micro Service matching the HTTP request
Choices
IS_IN, IS_NOT_IN

group_ref

Type
Reference to MicroServiceGroup
Category
optional
Description
UUID of Micro Service group(s)

NetworkSecurityPolicyActionRLParam

max_rate

Type
uint32
Category
required
Description
Maximum number of connections or requests or packets per second.

burst_size

Type
uint32
Category
required
Description
Maximum number of connections or requests or packets to be rate limited instantaneously.
Default
0

ApplicationPersistenceProfile

uuid

Type
string
Category
required
Description
UUID of the persistence profile.

name

Type
string
Category
required
Description
A user-friendly name for the persistence profile.

server_hm_down_recovery

Type
enum
Category
optional
Description
Specifies behavior when a persistent server has been marked down by a health monitor.
Default
HM_DOWN_PICK_NEW_SERVER
Choices
HM_DOWN_PICK_NEW_SERVER, HM_DOWN_ABORT_CONNECTION, HM_DOWN_CONTINUE_PERSISTENT_SERVER

persistence_type

Type
enum
Category
required
Description
Method used to persist clients to the same server for a duration of time or a session.
Default
PERSISTENCE_TYPE_CLIENT_IP_ADDRESS
Choices
PERSISTENCE_TYPE_CLIENT_IP_ADDRESS, PERSISTENCE_TYPE_HTTP_COOKIE, PERSISTENCE_TYPE_TLS, PERSISTENCE_TYPE_CLIENT_IPV6_ADDRESS, PERSISTENCE_TYPE_CUSTOM_HTTP_HEADER, PERSISTENCE_TYPE_APP_COOKIE, PERSISTENCE_TYPE_GSLB_SITE

ip_persistence_profile

Type
IPPersistenceProfile
Category
optional
Description
Specifies the Client IP Persistence profile parameters.

hdr_persistence_profile

Type
HdrPersistenceProfile
Category
optional
Description
Specifies the custom HTTP Header Persistence profile parameters.

app_cookie_persistence_profile

Type
AppCookiePersistenceProfile
Category
optional
Description
Specifies the Application Cookie Persistence profile parameters.

http_cookie_persistence_profile

Type
HttpCookiePersistenceProfile
Category
optional
Description
Specifies the HTTP Cookie Persistence profile parameters.

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
optional
Description

IPPersistenceProfile

ip_persistent_timeout

Type
int32
Category
optional
Description
The length of time after a client's connections have closed before expiring the client's persistence to a server.
Units
min
Default
5

HdrPersistenceProfile

prst_hdr_name

Type
string
Category
optional
Description
Header name for custom header persistence

AppCookiePersistenceProfile

prst_hdr_name

Type
string
Category
required
Description
Header or cookie name for application cookie persistence

timeout

Type
int32
Category
optional
Description
The length of time after a client's connections have closed before expiring the client's persistence to a server.
Units
min
Default
20

encryption_key

Type
string
Category
optional
Description
Key to use for cookie encryption

HttpCookiePersistenceProfile

encryption_key

Type
string
Category
optional
Description
Key name to use for cookie encryption

cookie_name

Type
string
Category
optional
Description
HTTP cookie name for cookie persistence

key

Type
HttpCookiePersistenceKey
Category
repeated
Description

timeout

Type
int32
Category
optional
Description
The length of time after a client's connections have closed before expiring the client's persistence to a server. No value or 'zero' indicates no timeout.
Units
min

always_send_cookie

Type
bool
Category
optional
Description
If no persistence cookie was received from the client, always send it.
Default
False

HttpCookiePersistenceKey

name

Type
string
Category
optional
Description
name to use for cookie encryption

aes_key

Type
Unknown
Category
optional
Description

hmac_key

Type
Unknown
Category
optional
Description

AnalyticsProfile

uuid

Type
string
Category
required
Description
UUID of the analytics profile.

name

Type
string
Category
required
Description
The name of the analytics profile.

tenant_ref

Type
Reference to Tenant
Category
required
Description

description

Type
string
Category
optional
Description

apdex_response_threshold

Type
uint32
Category
optional
Description
If a client receives an HTTP response in less than the Satisfactory Latency Threshold, the request is considered Satisfied. It is considered Tolerated if it is not Satisfied and less than Tolerated Latency Factor multiplied by the Satisfactory Latency Threshold. Greater than this number and the client's request is considered Frustrated.
Default
500

apdex_response_tolerated_factor

Type
Unknown
Category
optional
Description
Client tolerated response latency factor. Client must receive a response within this factor times the satisfactory threshold (apdex_response_threshold) to be considered tolerated
Default
4.0

apdex_server_response_threshold

Type
uint32
Category
optional
Description
A server HTTP response is considered Satisfied if latency is less than the Satisfactory Latency Threshold. The response is considered tolerated when it is greater than Satisfied but less than the Tolerated Latency Factor * S_Latency. Greater than this number and the server response is considered Frustrated.
Default
400

apdex_server_response_tolerated_factor

Type
Unknown
Category
optional
Description
Server tolerated response latency factor. Servermust response within this factor times the satisfactory threshold (apdex_server_response_threshold) to be considered tolerated
Default
4.0

apdex_rtt_threshold

Type
uint32
Category
optional
Description
Satisfactory client to Avi Round Trip Time(RTT).
Default
250

apdex_rtt_tolerated_factor

Type
Unknown
Category
optional
Description
Tolerated client to Avi Round Trip Time(RTT) factor. It is a multiple of apdex_rtt_tolerated_factor.
Default
4.0

apdex_server_rtt_threshold

Type
uint32
Category
optional
Description
Satisfactory client to Avi Round Trip Time(RTT).
Default
125

apdex_server_rtt_tolerated_factor

Type
Unknown
Category
optional
Description
Tolerated client to Avi Round Trip Time(RTT) factor. It is a multiple of apdex_rtt_tolerated_factor.
Default
4.0

apdex_rum_threshold

Type
uint32
Category
optional
Description
If a client is able to load a page in less than the Satisfactory Latency Threshold, the PageLoad is considered Satisfied. It is considered tolerated if it is greater than Satisfied but less than the Tolerated Latency multiplied by Satisifed Latency. Greater than this number and the client's request is considered Frustrated. A PageLoad includes the time for DNS lookup, download of all HTTP objects, and page render time.
Default
5000

apdex_rum_tolerated_factor

Type
Unknown
Category
optional
Description
Virtual service threshold factor for tolerated Page Load Time (PLT) as multiple of apdex_rum_threshold.
Default
4.0

conn_lossy_total_rexmt_threshold

Type
uint32
Category
optional
Description
A connection between client and Avi is considered lossy when more than this percentage of packets are retransmitted.
Default
50

conn_lossy_timeo_rexmt_threshold

Type
uint32
Category
optional
Description
A connection between client and Avi is considered lossy when more than this percentage of packets are retransmitted due to timeout.
Default
20

conn_lossy_ooo_threshold

Type
uint32
Category
optional
Description
A connection between client and Avi is considered lossy when more than this percentage of out of order packets are received.
Default
50

conn_lossy_zero_win_size_event_threshold

Type
uint32
Category
optional
Description
A client connection is considered lossy when percentage of times a packet could not be trasmitted due to TCP zero window is above this threshold.
Default
2

conn_server_lossy_total_rexmt_threshold

Type
uint32
Category
optional
Description
A connection between Avi and server is considered lossy when more than this percentage of packets are retransmitted.
Default
50

conn_server_lossy_timeo_rexmt_threshold

Type
uint32
Category
optional
Description
A connection between Avi and server is considered lossy when more than this percentage of packets are retransmitted due to timeout.
Default
20

conn_server_lossy_ooo_threshold

Type
uint32
Category
optional
Description
A connection between Avi and server is considered lossy when more than this percentage of out of order packets are received.
Default
50

conn_server_lossy_zero_win_size_event_threshold

Type
uint32
Category
optional
Description
A server connection is considered lossy when percentage of times a packet could not be trasmitted due to TCP zero window is above this threshold.
Default
2

exclude_client_close_before_request_as_error

Type
bool
Category
optional
Description
Exclude client closed connection before an HTTP request could be completed from being classified as an error.
Default
False

exclude_tcp_reset_as_error

Type
bool
Category
optional
Description
Exclude TCP resets by client from the list of potential errors.
Default
False

exclude_server_tcp_reset_as_error

Type
bool
Category
optional
Description
Exclude server TCP reset from errors. It is common for applications like MS Exchange.
Default
False

exclude_persistence_change_as_error

Type
bool
Category
optional
Description
Exclude persistence server changed while load balancing' from the list of errors.
Default
False

exclude_syn_retransmit_as_error

Type
bool
Category
optional
Description
Exclude 'server unanswered syns' from the list of errors.
Default
False

exclude_invalid_dns_query_as_error

Type
bool
Category
optional
Description
Exclude invalid dns queries from the list of errors.
Default
False

exclude_invalid_dns_domain_as_error

Type
bool
Category
optional
Description
Exclude dns queries to domains outside the domains configured in the DNS application profile from the list of errors.
Default
False

exclude_no_dns_record_as_error

Type
bool
Category
optional
Description
Exclude queries to domains that did not have configured services/records from the list of errors.
Default
False

exclude_unsupported_dns_query_as_error

Type
bool
Category
optional
Description
Exclude unsupported dns queries from the list of errors.
Default
False

hs_performance_boost

Type
uint32
Category
optional
Description
Adds free performance score credits to health score. It can be used for compensating health score for known slow applications.
Default
0

hs_max_anomaly_penalty

Type
uint32
Category
optional
Description
Maximum penalty that may be deducted from health score for anomalies.
Default
10

hs_max_resources_penalty

Type
uint32
Category
optional
Description
Maximum penalty that may be deducted from health score for high resource utilization.
Default
25

hs_max_security_penalty

Type
uint32
Category
optional
Description
Maximum penalty that may be deducted from health score based on security assessment.
Default
100

hs_security_nonpfs_penalty

Type
Unknown
Category
optional
Description
Penalty for allowing non-PFS handshakes.
Default
1.0

hs_security_weak_signature_algo_penalty

Type
Unknown
Category
optional
Description
Penalty for allowing weak signature algorithm(s).
Default
1.0

hs_security_ssl30_score

Type
Unknown
Category
optional
Description
Score assigned when supporting SSL3.0 encryption protocol
Default
3.5

hs_security_tls10_score

Type
Unknown
Category
optional
Description
Score assigned when supporting TLS1.0 encryption protocol
Default
5.0

hs_security_tls11_score

Type
Unknown
Category
optional
Description
Score assigned when supporting TLS1.1 encryption protocol
Default
5.0

hs_security_tls12_score

Type
Unknown
Category
optional
Description
Score assigned when supporting TLS1.2 encryption protocol
Default
5.0

hs_event_throttle_window

Type
uint32
Category
optional
Description
Time window (in secs) within which only unique health change events should occur
Default
1209600

hs_min_dos_rate

Type
uint32
Category
optional
Description
DoS connection rate below which the DoS security assessment will not kick in.
Default
1000

hs_security_certscore_expired

Type
Unknown
Category
optional
Description
Score assigned when the certificate has expired
Default
0.0

hs_security_certscore_le07d

Type
Unknown
Category
optional
Description
Score assigned when the certificate expires in less than or equal to 7 days
Default
2.0

hs_security_certscore_le30d

Type
Unknown
Category
optional
Description
Score assigned when the certificate expires in less than or equal to 30 days
Default
4.0

hs_security_certscore_gt30d

Type
Unknown
Category
optional
Description
Score assigned when the certificate expires in more than 30 days
Default
5.0

hs_security_cipherscore_eq000b

Type
Unknown
Category
optional
Description
Score assigned when the minimum cipher strength is 0 bits
Default
0.0

hs_security_cipherscore_lt128b

Type
Unknown
Category
optional
Description
Score assigned when the minimum cipher strength is less than 128 bits
Default
3.5

hs_security_cipherscore_ge128b

Type
Unknown
Category
optional
Description
Score assigned when the minimum cipher strength is greater than equal to 128 bits
Default
5.0

hs_security_selfsignedcert_penalty

Type
Unknown
Category
optional
Description
Deprecated
Default
1.0

hs_security_encalgo_score_rc4

Type
Unknown
Category
optional
Description
Score assigned when RC4 algorithm is used for encryption.
Default
2.5

hs_security_encalgo_score_none

Type
Unknown
Category
optional
Description
Score assigned when no algorithm is used for encryption.
Default
0.0

hs_security_chain_invalidity_penalty

Type
Unknown
Category
optional
Description
Penalty for allowing certificates with invalid chain.
Default
1.0

hs_security_hsts_penalty

Type
Unknown
Category
optional
Description
Penalty for not enabling HSTS.
Default
1.0

disable_server_analytics

Type
bool
Category
optional
Description
Disable analytics on backend servers. This may be desired in container environment when there are large number of ephemeral servers
Default
False

disable_se_analytics

Type
bool
Category
optional
Description
Disable node (service engine) level analytics forvs metrics
Default
False

hs_pscore_traffic_threshold_l4_client

Type
Unknown
Category
optional
Description
Threshold number of connections in 5min, below which apdexr, apdexc, rum_apdex, and other network quality metrics are not computed.
Default
10.0

hs_pscore_traffic_threshold_l4_server

Type
Unknown
Category
optional
Description
Threshold number of connections in 5min, below which apdexr, apdexc, rum_apdex, and other network quality metrics are not computed.
Default
10.0

exclude_gs_down_as_error

Type
bool
Category
optional
Description
Exclude queries to GSLB services that are operationally down from the list of errors.
Default
False

exclude_no_valid_gs_member_as_error

Type
bool
Category
optional
Description
Exclude queries to GSLB services that have no available members from the list of errors.
Default
False

client_log_config

Type
ClientLogConfiguration
Category
optional
Description
Configure which logs are sent to the Avi Controller from SEs and how they are processed.

client_log_streaming_config

Type
ClientLogStreamingConfig
Category
optional
Description
Configure to stream logs to an external server.

exclude_http_error_codes

Type
int32
Category
repeated
Description
List of HTTP status codes to be excluded from being classified as an error. Error connections or responses impacts health score, are included as significant logs, and may be classified as part of a DoS attack.

ranges

Type
HTTPStatusRange
Category
repeated
Description
List of HTTP status code ranges to be excluded from being classified as an error.

resp_code_block

Type
enum
Category
repeated
Description
Block of HTTP response codes to be excluded from being classified as an error.
Choices
AP_HTTP_RSP_4XX, AP_HTTP_RSP_5XX

exclude_server_dns_error_as_error

Type
bool
Category
optional
Description
Exclude server dns error response from the list of errors.
Default
False

ClientLogConfiguration

enable_significant_log_collection

Type
bool
Category
optional
Description
Enable significant log collection. By default, this flag is enabled, which means that Avi SEs collect significant logs and forward them to Controller for further processing. For example, these logs correspond to error conditions such as when the response code for a request is 500. Users can disable this flag to turn off default significant log collection.
Default
True

significant_log_processing

Type
enum
Category
optional
Description
Significant logs are processed by the Logs Analytics system according to this setting.
Default
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND
Choices
LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND

filtered_log_processing

Type
enum
Category
optional
Description
(Note: Only sync_and_index_on_demand is implemented at this time) Filtered logs are logs that match any client log filters or rules with logging enabled. Such logs are processed by the Logs Analytics system according to this setting.
Default
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND
Choices
LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND

non_significant_log_processing

Type
enum
Category
optional
Description
(Note: Only sync_and_index_on_demand is implemented at this time) Logs that are neither significant nor filtered, are processed by the Logs Analytics system according to this setting.
Default
LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND
Choices
LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND

ClientLogStreamingConfig

external_server

Type
string
Category
optional
Description
The destination server IP address or hostname. If a name is provided, this should be resolvable on Avi Service Engines.

external_server_port

Type
uint32
Category
optional
Description
The destination server's service port.
Default
514

log_types_to_send

Type
enum
Category
optional
Description
Type of logs to stream to the external server. Default is LOGS_ALL, i.e., send all logs.
Default
LOGS_ALL
Choices
LOGS_SIGNIFICANT_ONLY, LOGS_UDF_ONLY, LOGS_UDF_SIGNIFICANT, LOGS_ALL

max_logs_per_second

Type
uint32
Category
optional
Description
Maximum number of logs per second streamed to the remote server. By default, 100 logs per second are streamed. Set this to zero(0) to not enforce any limit.
Default
100

VSDataScriptSet

uuid

Type
string
Category
required
Description
UUID of the virtual service datascript collection

name

Type
string
Category
required
Description
Name for the virtual service datascript collection

datascript

Type
VSDataScript
Category
repeated
Description
DataScripts to execute

pool_refs

Type
Reference to Pool
Category
repeated
Description
UUID of pools that could be referred by VSDataScriptSet objects.

pool_group_refs

Type
Reference to PoolGroup
Category
repeated
Description
UUID of pool groups that could be referred by VSDataScriptSet objects.

ipgroup_refs

Type
Reference to IpAddrGroup
Category
repeated
Description
UUID of IP Groups that could be referred by VSDataScriptSet objects.

string_group_refs

Type
Reference to StringGroup
Category
repeated
Description
UUID of String Groups that could be referred by VSDataScriptSet objects.

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

VSDataScript

evt

Type
enum
Category
required
Description
Event triggering execution of datascript
Choices
VS_DATASCRIPT_EVT_HTTP_REQ, VS_DATASCRIPT_EVT_HTTP_RESP, VS_DATASCRIPT_EVT_HTTP_RESP_DATA, VS_DATASCRIPT_EVT_HTTP_LB_FAILED, VS_DATASCRIPT_EVT_HTTP_REQ_DATA, VS_DATASCRIPT_EVT_MAX

script

Type
string
Category
required
Description
Datascript to execute when the event triggers

Tenant

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

local

Type
bool
Category
optional
Description
Default
True

description

Type
string
Category
optional
Description

config_settings

Type
TenantConfiguration
Category
optional
Description

created_by

Type
string
Category
optional
Description
Creator of this tenant

TenantConfiguration

tenant_vrf

Type
bool
Category
optional
Description
When "Per Tenant IP Domain" is selected, each tenant gets its own routing domain that is not shared with any other tenant. When "Share IP Domain across all tenants" is selected, all tenants share the same routing domain.
Default
False

se_in_provider_context

Type
bool
Category
optional
Description
Controls the ownership of ServiceEngines. Service Engines can either be exclusively owned by each tenant or owned by the administrator and shared by all tenants. When ServiceEngines are owned by the administrator, each tenant can have either read access or no access to their Service Engines.
Default
True

tenant_access_to_provider_se

Type
bool
Category
optional
Description
Default
True

ServiceEngineGroup

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
optional
Description

max_vs_per_se

Type
int32
Category
optional
Description
Maximum number of Virtual Services that can be placed on a single Service Engine.
Default
10

min_scaleout_per_vs

Type
int32
Category
optional
Description
Minimum number of active Service Engines for the Virtual Service.
Default
1

max_scaleout_per_vs

Type
int32
Category
optional
Description
Maximum number of active Service Engines for the Virtual Service.
Default
4

max_se

Type
int32
Category
optional
Description
Maximum number of Services Engines in this group.
Default
10

vcpus_per_se

Type
int32
Category
optional
Description
Number of vcpus for each of the Service Engine virtual machines.
Default
1

memory_per_se

Type
int32
Category
optional
Description
Amount of memory for each of the Service Engine virtual machines.
Default
2048

disk_per_se

Type
int32
Category
optional
Description
Amount of disk space for each of the Service Engine virtual machines.
Units
gb
Default
10

max_cpu_usage

Type
int32
Category
optional
Description
When CPU usage on an SE exceeds this threshold, Virtual Services hosted on this SE may be rebalanced to other SEs to reduce load. A new SE may be created as part of this process.
Units
gb
Default
80

min_cpu_usage

Type
int32
Category
optional
Description
When CPU usage on an SE falls below the minimum threshold, Virtual Services hosted on the SE may be consolidated onto other underutilized SEs. After consolidation, unused Service Engines may then be eligible for deletion.
Default
30

se_deprovision_delay

Type
int32
Category
optional
Description
Duration to preserve unused Service Engine virtual machines before deleting them. If traffic to a Virtual Service were to spike up abruptly, this SE would still be available to be utilized again rather than creating a new SE. If this value is set to 0, Controller will never delete any SEs and administrator has to manually cleanup unused SEs.
Units
min
Default
120

auto_rebalance

Type
bool
Category
optional
Description
If set, Virtual Services will be automatically migrated when load on an SE is less than minimum or more than maximum thresholds. Only Alerts are generated when the auto_rebalance is not set.
Default
False

se_name_prefix

Type
string
Category
optional
Description
Prefix to use for virtual machine name of Service Engines.
Default
Avi

vs_host_redundancy

Type
bool
Category
optional
Description
Ensure primary and secondary Service Engines are deployed on different physical hosts.
Default
True

vcenter_folder

Type
string
Category
optional
Description
Folder to place all the Service Engine virtual machines in vCenter.
Default
AviSeFolder

vcenter_datastores

Type
VcenterDatastore
Category
repeated
Description

vcenter_datastores_include

Type
bool
Category
optional
Description
Default
False

vcenter_datastore_mode

Type
enum
Category
optional
Description
Default
VCENTER_DATASTORE_ANY
Choices
VCENTER_DATASTORE_ANY, VCENTER_DATASTORE_LOCAL, VCENTER_DATASTORE_SHARED

vcenter_clusters

Type
VcenterClusters
Category
optional
Description

vcenter_hosts

Type
VcenterHosts
Category
optional
Description

openstack_availability_zone

Type
string
Category
optional
Description

cpu_reserve

Type
bool
Category
optional
Description
Default
False

mem_reserve

Type
bool
Category
optional
Description
Default
True

mgmt_network_ref

Type
Reference to Network
Category
optional
Description
Management network to use for Avi Service Engines

mgmt_subnet

Type
IpAddrPrefix
Category
optional
Description
Management subnet to use for Avi Service Engines

ha_mode

Type
enum
Category
optional
Description
High Availability mode for all the Virtual Services using this Service Engine group.
Default
HA_MODE_SHARED
Choices
HA_MODE_SHARED_PAIR, HA_MODE_SHARED, HA_MODE_LEGACY_ACTIVE_STANDBY

algo

Type
enum
Category
optional
Description
In compact placement, Virtual Services are placed on existing SEs until max_vs_per_se limit is reached.
Default
PLACEMENT_ALGO_PACKED
Choices
PLACEMENT_ALGO_PACKED, PLACEMENT_ALGO_DISTRIBUTED

buffer_se

Type
int32
Category
optional
Description
Excess Service Engine capacity provisioned for HA failover
Default
1

active_standby

Type
bool
Category
optional
Description
Service Engines in active/standby mode for HA failover
Default
False

placement_mode

Type
enum
Category
optional
Description
If placement mode is 'Auto', Virtual Services are automatically placed on Service Engines.
Default
PLACEMENT_MODE_AUTO
Choices
PLACEMENT_MODE_AUTO

openstack_mgmt_network_name

Type
string
Category
optional
Description
Avi Management network name

openstack_mgmt_network_uuid

Type
string
Category
optional
Description
Management network UUID

instance_flavor

Type
string
Category
optional
Description
Instance/Flavor type for SE instance

hypervisor

Type
enum
Category
optional
Description
Override default hypervisor
Choices
DEFAULT, VMWARE_ESX, KVM, VMWARE_VSAN, XEN

se_dos_profile

Type
DosThresholdProfile
Category
optional
Description

auto_rebalance_interval

Type
int32
Category
optional
Description
Frequency of rebalance, if 'Auto rebalance' is enabled
Units
sec
Default
300

aggressive_failure_detection

Type
bool
Category
optional
Description
Enable aggressive failover configuration for ha.
Default
False

realtime_se_metrics

Type
MetricsRealTimeUpdate
Category
optional
Description
Enable or disable real time SE metrics

vs_scaleout_timeout

Type
uint32
Category
optional
Description
Time to wait for the scaled out SE to become ready before marking the scaleout done
Units
sec
Default
30

vs_scalein_timeout

Type
uint32
Category
optional
Description
Time to wait for the scaled in SE to drain existing flows before marking the scalein done
Units
sec
Default
30

hardwaresecuritymodulegroup_ref

Type
Reference to HardwareSecurityModuleGroup
Category
optional
Description

connection_memory_percentage

Type
uint32
Category
optional
Description
Percentage of memory for connection state. This will come at the expense of memory used for HTTP in-memory cache.
Default
50

extra_config_multiplier

Type
Unknown
Category
optional
Description
Multiplier for extra config to support large VS/Pool config.
Default
0.0

vs_scalein_timeout_for_upgrade

Type
uint32
Category
optional
Description
During SE upgrade, Time to wait for the scaled-in SE to drain existing flows before marking the scalein done
Units
sec
Default
30

host_attribute_key

Type
string
Category
optional
Description
Key of a (Key, Value) pair identifying a set of hosts. Currently used to separate North-South and East-West SE sizing requirements. This is useful in Container ecosystems where SEs on East-West traffic nodes are typically smaller than those on North-South traffic nodes.

host_attribute_value

Type
string
Category
optional
Description
Value of a (Key, Value) pair identifying a set of hosts. Currently used to separate North-South and East-West SE sizing requirements. This is useful in Container ecosystems where SEs on East-West traffic nodes are typically smaller than those on North-South traffic nodes.

log_disksz

Type
uint32
Category
optional
Description
Maximum disk capacity (in MB) to be allocated to an SE. This is exclusively used for debug and log data.
Units
mb
Default
10000

os_reserved_memory

Type
uint32
Category
optional
Description
Amount of extra memory to be reserved for use by the Operating System on a Service Engine.
Default
0

floating_intf_ip

Type
IpAddr
Category
repeated
Description
If ServiceEngineGroup is configured for Legacy 1+1 Active Standby HA Mode, Floating IP's will be advertised only by the Active SE in the Pair. Virtual Services in this group must be disabled/enabled for any changes to the Floating IP's to take effect. Only active SE hosting VS tagged with Active Standby SE 1 Tag will advertise this floating IP when manual load distribution is enabled.

hm_on_standby

Type
bool
Category
optional
Description
Enable active health monitoring from the standby SE for all placed virtual services.
Default
True

per_app

Type
bool
Category
optional
Description
Per-app SE mode is designed for deploying dedicated load balancers per app (VS). In this mode, each SE is limited to a max of 2 VSs. vCPUs in per-app SEs count towards licensing usage at 25% rate.
Default
False

enable_vmac

Type
bool
Category
optional
Description
Use Virtual MAC address for interfaces on which floating interface IPs are placed
Default
False

distribute_load_active_standby

Type
bool
Category
optional
Description
Use both the active and standby Service Engines for Virtual Service placement in the legacy active standby HA mode.
Default
False

auto_redistribute_active_standby_load

Type
bool
Category
optional
Description
Redistribution of virtual services from the takeover SE to the replacement SE can cause momentary traffic loss. If the auto-redistribute load option is left in its default off state, any desired rebalancing requires calls to REST API.
Default
False

floating_intf_ip_se_2

Type
IpAddr
Category
repeated
Description
If ServiceEngineGroup is configured for Legacy 1+1 Active Standby HA Mode, Floating IP's will be advertised only by the Active SE in the Pair. Virtual Services in this group must be disabled/enabled for any changes to the Floating IP's to take effect. Only active SE hosting VS tagged with Active Standby SE 2 Tag will advertise this floating IP when manual load distribution is enabled.

custom_tag

Type
CustomTag
Category
repeated
Description
Custom tag will be used to create the tags for SE instance in AWS. Note this is not the same as the prefix for SE name

dedicated_dispatcher_core

Type
bool
Category
optional
Description
Dedicate the core that handles packet receive/transmit from the network to just the dispatching function. Don't use it for TCP/IP and SSL functions.
Default
False

cpu_socket_affinity

Type
bool
Category
optional
Description
Allocate all the CPU cores for the Service Engine Virtual Machines on the same CPU socket. Applicable only for vCenter Cloud.
Default
False

num_flow_cores_sum_changes_to_ignore

Type
uint32
Category
optional
Description
Number of changes in num flow cores sum to ignore.
Default
8

least_load_core_selection

Type
bool
Category
optional
Description
Select core with least load for new flow.
Default
True

extra_shared_config_memory

Type
uint32
Category
optional
Description
Extra config memory to support large Geo DB configuration.
Units
mb
Default
0

se_tunnel_mode

Type
uint32
Category
optional
Description
Determines if DSR from secondary SE is active or not. 0: Automatically determine based on hypervisor type. 1: Disable DSR unconditionally. ~[0,1]: Enable DSR unconditionally
Default
0

openstack_availability_zones

Type
string
Category
repeated
Description

service_ip_subnets

Type
IpAddrPrefix
Category
repeated
Description
Subnets assigned to the SE group. Required for VS group placement.

se_vs_hb_max_vs_in_pkt

Type
uint32
Category
optional
Description
Maximum number of virtualservices for which heartbeat messages are aggregated in one packet.
Default
256

se_vs_hb_max_pkts_in_batch

Type
uint32
Category
optional
Description
Maximum number of aggregated vs heartbeat packets to send in a batch.
Default
8

cloud_ref

Type
Reference to Cloud
Category
optional,readonly
Description
Default
/api/cloud?name=Default-Cloud

iptables

Type
IptableRuleSet
Category
repeated
Description
Iptable Rules

enable_routing

Type
bool
Category
optional
Description
Enable routing for this ServiceEngineGroup
Default
False

advertise_backend_networks

Type
bool
Category
optional
Description
Advertise reach-ability of backend server networks via ADC through BGP for default gateway feature.
Default
False

enable_vip_on_all_interfaces

Type
bool
Category
optional
Description
Enable VIP on all interfaces of SE.
Default
True

se_thread_multiplier

Type
uint32
Category
optional
Description
Multiplier for SE threads based on vCPU.
Default
1

async_ssl

Type
bool
Category
optional
Description
SSL handshakes will be handled by dedicated SSL Threads
Default
False

async_ssl_threads

Type
uint32
Category
optional
Description
Number of Async SSL threads per se_dp
Default
1

se_udp_encap_ipc

Type
uint32
Category
optional
Description
Determines if SE-SE IPC messages are encapsulated in an UDP header. 0: Automatically determine based on hypervisor type. 1: Use UDP encap unconditionally. ~[0,1]: Don't use UDP encap.
Default
0

se_ipc_udp_port

Type
uint32
Category
optional
Description
UDP Port for SE_DP IPC in Docker bridge mode.
Default
1500

se_remote_punt_udp_port

Type
uint32
Category
optional
Description
UDP Port for punted packets in Docker bridge mode.
Default
1501

VcenterDatastore

datastore_name

Type
string
Category
required
Description

VcenterClusters

cluster_refs

Type
Reference to VIMgrClusterRuntime
Category
repeated
Description

include

Type
bool
Category
optional
Description
Default
False

VcenterHosts

host_refs

Type
Reference to VIMgrHostRuntime
Category
repeated
Description

include

Type
bool
Category
optional
Description
Default
False

CustomTag

tag_key

Type
string
Category
required
Description

tag_val

Type
string
Category
optional
Description

IptableRuleSet

table

Type
string
Category
required
Description

chain

Type
string
Category
required
Description

rules

Type
IptableRule
Category
repeated
Description

IptableRule

src_ip

Type
IpAddrPrefix
Category
optional
Description

dst_ip

Type
IpAddrPrefix
Category
optional
Description

src_port

Type
PortRange
Category
optional
Description

dst_port

Type
PortRange
Category
optional
Description

proto

Type
enum
Category
optional
Description
Choices
PROTO_TCP, PROTO_UDP, PROTO_ICMP, PROTO_ALL

input_interface

Type
string
Category
optional
Description

output_interface

Type
string
Category
optional
Description

action

Type
enum
Category
required
Description
Choices
ACCEPT, DROP, REJECT, DNAT, MASQUERADE

dnat_ip

Type
IpAddr
Category
optional
Description

tag

Type
string
Category
optional
Description

PortRange

start

Type
uint32
Category
required
Description
TCP/UDP port range start (inclusive).

end

Type
uint32
Category
required
Description
TCP/UDP port range end (inclusive).

Cloud

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

vtype

Type
enum
Category
required
Description
Cloud type
Default
CLOUD_NONE
Choices
CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP, CLOUD_RANCHER, CLOUD_OSHIFT_K8S

vcenter_configuration

Type
vCenterConfiguration
Category
optional
Description

openstack_configuration

Type
OpenStackConfiguration
Category
optional
Description

aws_configuration

Type
AwsConfiguration
Category
optional
Description

apic_mode

Type
bool
Category
optional
Description
Default
False

apic_configuration

Type
APICConfiguration
Category
optional
Description

cloudstack_configuration

Type
CloudStackConfiguration
Category
optional
Description

vca_configuration

Type
vCloudAirConfiguration
Category
optional
Description

mesos_configuration

Type
MesosConfiguration
Category
optional
Description

proxy_configuration

Type
ProxyConfiguration
Category
optional
Description

linuxserver_configuration

Type
LinuxServerConfiguration
Category
optional
Description

docker_configuration

Type
DockerConfiguration
Category
optional
Description

rancher_configuration

Type
RancherConfiguration
Category
optional
Description

oshiftk8s_configuration

Type
OShiftK8SConfiguration
Category
optional
Description

dhcp_enabled

Type
bool
Category
optional
Description
Select the IP address management scheme
Default
False

mtu

Type
uint32
Category
optional
Description
MTU setting for the cloud
Default
1500

prefer_static_routes

Type
bool
Category
optional
Description
Prefer static routes over interface routes during VirtualService placement.
Default
False

enable_vip_static_routes

Type
bool
Category
optional
Description
Use static routes for VIP side network resolution during VirtualService placement.
Default
False

obj_name_prefix

Type
string
Category
optional
Description
Default prefix for all automatically created objects in this cloud. This prefix can be overridden by the SE-Group template.

license_type

Type
enum
Category
optional
Description
If no license type is specified then default license enforcement for the cloud type is chosen. The default mappings are Container Cloud is Max Ses, OpenStack and VMware is cores and linux it is Sockets.
Choices
LIC_BACKEND_SERVERS, LIC_SOCKETS, LIC_CORES, LIC_HOSTS

ipam_provider_ref

Type
Reference to IpamDnsProviderProfile
Category
optional
Description
Ipam Profile for the cloud.

dns_provider_ref

Type
Reference to IpamDnsProviderProfile
Category
optional
Description
DNS Profile for the cloud.

east_west_ipam_provider_ref

Type
Reference to IpamDnsProviderProfile
Category
optional
Description
Ipam Profile for East-West services. Warning - Please use virtual subnets in this IPAM profile that do not conflict with the underlay networks or any overlay networks in the cluster. For example in AWS and GCP, 169.254.0.0/16 is used for storing instance metadata. Hence, it should not be used in this profile.

east_west_dns_provider_ref

Type
Reference to IpamDnsProviderProfile
Category
optional
Description
DNS Profile for East-West services.

nsx_configuration

Type
NsxConfiguration
Category
optional
Description
Configuration parameters for NSX Manager

tenant_ref

Type
Reference to Tenant
Category
required
Description

vCenterConfiguration

username

Type
string
Category
optional
Description
The username Avi Vantage will use when authenticating with vCenter.

password

Type
string
Category
optional
Description
The password Avi Vantage will use when authenticating with vCenter.

vcenter_url

Type
string
Category
optional
Description
vCenter hostname or IP address.

privilege

Type
enum
Category
required
Description
Set the access mode to vCenter as either Read, which allows Avi to discover networks and servers, or Write, which also allows Avi to create Service Engines and configure their network properties.
Default
WRITE_ACCESS
Choices
NO_ACCESS, READ_ACCESS, WRITE_ACCESS

datacenter

Type
string
Category
optional
Description
Datacenter for virtual infrastructure discovery

management_network

Type
string
Category
optional
Description
Management network to use for Avi Service Engines

management_ip_subnet

Type
IpAddrPrefix
Category
optional
Description
Management subnet to use for Avi Service Engines

vcenter_template_se_location

Type
string
Category
optional
Description
Avi Service Engine Template in vCenter to be used for creating Service Engines

OpenStackConfiguration

username

Type
string
Category
required
Description
The username Avi Vantage will use when authenticating to Keystone. For Keystone v3, provide the user information in user@domain format, unless that user belongs to the Default domain.

password

Type
string
Category
optional
Description
The password Avi Vantage will use when authenticating to Keystone.

admin_tenant

Type
string
Category
required
Description
OpenStack admin tenant (or project) information. For Keystone v3, provide the project information in project@domain format. Domain need not be specified if the project belongs to the 'Default' domain.

keystone_host

Type
string
Category
optional
Description
Keystone's hostname or IP address. (Deprecated) Use auth_url instead.

mgmt_network_name

Type
string
Category
required
Description
Avi Management network name or cidr

privilege

Type
enum
Category
required
Description
Access privilege
Choices
NO_ACCESS, READ_ACCESS, WRITE_ACCESS

use_keystone_auth

Type
bool
Category
optional
Description
Use keystone for user authentication
Default
True

prov_name

Type
string
Category
repeated
Description
LBaaS provider name

mgmt_network_uuid

Type
string
Category
optional
Description
Management network UUID

region

Type
string
Category
optional
Description
Region name

hypervisor

Type
enum
Category
optional
Description
Default hypervisor type
Default
KVM
Choices
DEFAULT, VMWARE_ESX, KVM, VMWARE_VSAN, XEN

tenant_se

Type
bool
Category
optional
Description
If true, then SEs will be created in the appropriate tenants, else SEs will be created in the admin_tenant.
Default
True

import_keystone_tenants

Type
bool
Category
optional
Description
Import keystone tenants list into Avi
Default
True

anti_affinity

Type
bool
Category
optional
Description
If true, an anti-affinity policy will be applied to all SEs of a SE-Group, else no such policy will be applied.
Default
True

port_security

Type
bool
Category
optional
Description
If true, port-security extension (if detected) will be used instead of security-groups, allowed-address-pairs or interface-secondary-ips. If false, port-security extension is skipped
Default
False

security_groups

Type
bool
Category
optional
Description
If false, security-groups extension will not be used.
Default
True

allowed_address_pairs

Type
bool
Category
optional
Description
If false, allowed-address-pairs extension will not be used.
Default
True

free_floatingips

Type
bool
Category
optional
Description
Free unused floating IPs.
Default
False

img_format

Type
enum
Category
optional
Description
If OS_IMG_FMT_RAW, use RAW images else use QCOW2 or streamOptimized/flat VMDK as appropriate.
Default
OS_IMG_FMT_AUTO
Choices
OS_IMG_FMT_AUTO, OS_IMG_FMT_QCOW2, OS_IMG_FMT_VMDK, OS_IMG_FMT_RAW, OS_IMG_FMT_FLAT

use_admin_url

Type
bool
Category
optional
Description
If admin URLs are either inaccessible or not to be accessed from Avi Controller, then set this to False.
Default
True

role_mapping

Type
OpenStackRoleMapping
Category
repeated
Description
Defines the mapping from OpenStack role names to avi local role names. For an OpenStack role, this mapping is consulted only if there is no local Avi role with the same name as the OpenStack role. This is an ordered list and only the first matching entry is used. You can use '*' to match all OpenStack role names.

use_internal_endpoints

Type
bool
Category
optional
Description
Use internalURL for OpenStack endpoints instead of the default publicURL endpoints.
Default
False

admin_tenant_uuid

Type
string
Category
optional
Description
admin-tenant's UUID in OpenStack

config_drive

Type
bool
Category
optional
Description
If false, metadata service will be used instead of config-drive functionality to retrieve SE VM metadata.
Default
True

auth_url

Type
string
Category
optional
Description
Auth URL for connecting to keystone. If this is specified, any value provided for keystone_host is ignored.

insecure

Type
bool
Category
optional
Description
Allow self-signed certificates when communicating with https service endpoints.
Default
True

intf_sec_ips

Type
bool
Category
optional
Description
If True, interface-secondary-ips method will be used for VIP association.
Default
False

external_networks

Type
bool
Category
optional
Description
If True, allow selection of networks marked as 'external' for management, vip or data networks.
Default
False

neutron_rbac

Type
bool
Category
optional
Description
If True, enable neutron rbac discovery of networks shared across tenants/projects
Default
True

map_admin_to_cloudadmin

Type
bool
Category
optional
Description
If True, map Avi 'admin' tenant to the admin_tenant of the Cloud. Else map Avi 'admin' to OpenStack 'admin' tenant.
Default
False

usable_network_uuids

Type
string
Category
repeated
Description
A tenant can normally use its own networks and any networks shared with it. In addition, this field provides extra networks that are usable by all tenants. If VirtualService does not specify a network and auto_allocate_ip is set, then the first available network from this list will be chosen for IP allocation.

nuage_vsd_host

Type
string
Category
optional
Description
Nuage VSD host name or IP address

nuage_port

Type
uint32
Category
optional
Description
Default
8443

nuage_username

Type
string
Category
optional
Description

nuage_password

Type
string
Category
optional
Description

nuage_organization

Type
string
Category
optional
Description

se_group_uuid

Type
string
Category
optional
Description
The Service Engine Group to use as template.

contrail_plugin

Type
bool
Category
optional
Description
Enable Contrail plugin mode. (deprecated)
Default
False

contrail_endpoint

Type
string
Category
optional
Description
Contrail VNC endpoint url (example http://10.10.10.100:8082). By default, 'http://' scheme and 8082 port will be used if not provided in the url

name_owner

Type
bool
Category
optional
Description
If True, embed owner info in VIP port 'name', else embed owner info in 'device_id' field
Default
True

OpenStackRoleMapping

os_role

Type
string
Category
required
Description
Role name in OpenStack

avi_role

Type
string
Category
required
Description
Role name in Avi

AwsConfiguration

access_key_id

Type
string
Category
optional
Description
AWS access key ID

secret_access_key

Type
string
Category
optional
Description
AWS secret access key

region

Type
string
Category
optional
Description
AWS region
Default
us-west-1

vpc

Type
string
Category
optional
Description
VPC name

vpc_id

Type
string
Category
required
Description
VPC ID

zones

Type
AwsZoneConfig
Category
repeated
Description

route53_integration

Type
bool
Category
optional
Description
If enabled, create/update DNS entries in Amazon Route 53 zones
Default
False

free_elasticips

Type
bool
Category
optional
Description
Free unused elastic IP addresses.
Default
True

use_iam_roles

Type
bool
Category
optional
Description
Use IAM roles instead of access and secret key.
Default
False

iam_assume_role

Type
string
Category
optional
Description
IAM assume role for cross-account access.

AwsZoneConfig

availability_zone

Type
string
Category
required
Description
Availability zone

mgmt_network_name

Type
string
Category
required
Description
Name or CIDR of the network in the Availability Zone that will be used as management network.

mgmt_network_uuid

Type
string
Category
optional
Description
UUID of the network in the Availability Zone that will be used as management network.

APICConfiguration

apic_name

Type
string
Category
repeated
Description
The hostname or IP address of the APIC controller.

apic_username

Type
string
Category
optional
Description
The username Avi Vantage will use when authenticating with APIC.

apic_password

Type
string
Category
optional
Description
The password Avi Vantage will use when authenticating with APIC.

apic_admin_tenant

Type
string
Category
optional
Description
Name of the Avi specific tenant created within APIC.
Default
common

apic_vendor

Type
string
Category
optional
Description
Default
Avi

apic_product

Type
string
Category
optional
Description
Default
ASP

deployment

Type
string
Category
optional
Description
Default

apic_domain

Type
string
Category
optional
Description
vCenter's virtual machine manager domain within APIC.

avi_controller_username

Type
string
Category
optional
Description
The username APIC will use when authenticating with Avi Vantage.
Default
admin

avi_controller_password

Type
string
Category
optional
Description
The password APIC will use when authenticating with Avi Vantage.

version

Type
string
Category
optional
Description
AVI Device Package Version
Default
1.0

minor

Type
string
Category
optional
Description
AVI Device Package Minor Version
Default
2

context_aware

Type
enum
Category
optional
Description
Context aware for supporting Service Graphs across VRFs
Default
SINGLE_CONTEXT
Choices
SINGLE_CONTEXT, MULTI_CONTEXT

managed_mode

Type
bool
Category
optional
Description
Use Managed Mode for APIC Service Insertion
Default
True

CloudStackConfiguration

api_url

Type
string
Category
required
Description
CloudStack API URL

access_key_id

Type
string
Category
required
Description
CloudStack API Key

secret_access_key

Type
string
Category
required
Description
CloudStack Secret Key

mgmt_network_name

Type
string
Category
required
Description
Avi Management network name

mgmt_network_uuid

Type
string
Category
optional
Description
Avi Management network name

cntr_public_ip

Type
string
Category
optional
Description
If controller's management IP is in a private network, a publicly accessible IP to reach the controller.

hypervisor

Type
enum
Category
optional
Description
Default hypervisor type
Default
KVM
Choices
DEFAULT, VMWARE_ESX, KVM, VMWARE_VSAN, XEN

vCloudAirConfiguration

vca_username

Type
string
Category
required
Description
vCloudAir username

vca_password

Type
string
Category
required
Description
vCloudAir password

vca_host

Type
string
Category
required
Description
vCloudAir host address

privilege

Type
enum
Category
required
Description
vCloudAir access mode
Default
WRITE_ACCESS
Choices
NO_ACCESS, READ_ACCESS, WRITE_ACCESS

vca_instance

Type
string
Category
required
Description
vCloudAir instance ID

vca_orgnization

Type
string
Category
required
Description
vCloudAir orgnization ID

vca_vdc

Type
string
Category
required
Description
vCloudAir virtual data center name

vca_mgmt_network

Type
string
Category
required
Description
vCloudAir management network

MesosConfiguration

marathon_configurations

Type
MarathonConfiguration
Category
repeated
Description
List of Marathon frameworks.

mesos_url

Type
string
Category
optional
Description
Mesos URL of the form http://host:port
Default
http://leader.mesos:5050

vip

Type
IpAddr
Category
optional
Description
VIP to be used by all East-West apps on all Hosts. Preferrably use an address from outside the subnet

use_bridge_ip_as_vip

Type
bool
Category
optional
Description
Use Bridge IP on each Host as VIP
Default
False

container_port_match_http_service

Type
bool
Category
optional
Description
Perform container port matching to create a HTTP Virtualservice instead of a TCP/UDP VirtualService
Default
True

http_container_ports

Type
uint32
Category
repeated
Description
List of container ports that create a HTTP Virtualservice instead of a TCP/UDP VirtualService. Defaults to 80

east_west_placement_subnet

Type
IpAddrPrefix
Category
optional
Description
Match against this prefix when placing east-west VSs on SEs (Mesos mode only)

se_deployment_method

Type
enum
Category
optional
Description
Use Fleet/SSH for deploying Service Engines
Default
MESOS_SE_CREATE_FLEET
Choices
MESOS_SE_CREATE_FLEET, MESOS_SE_CREATE_SSH, MESOS_SE_CREATE_MARATHON

use_controller_image

Type
bool
Category
optional
Description
If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se
Default
False

marathon_se_deployment

Type
MarathonSeDeployment
Category
optional
Description
Options for Marathon SE deployment

fleet_endpoint

Type
string
Category
optional
Description
Optional fleet remote endpoint if fleet is used for SE deployment

docker_registry_se

Type
DockerRegistry
Category
optional
Description
Docker registry for ServiceEngine image

se_spawn_rate

Type
uint32
Category
optional
Description
New SE spawn rate per minute
Default
25

app_sync_frequency

Type
uint32
Category
optional
Description
Sync frequency in seconds with frameworks
Default
60

disable_auto_se_creation

Type
bool
Category
optional
Description
Disable SE creation
Default
False

disable_auto_frontend_service_sync

Type
bool
Category
optional
Description
Disable auto service sync for front end services
Default
False

disable_auto_backend_service_sync

Type
bool
Category
optional
Description
Disable auto service sync for back end services
Default
False

use_container_ip_port

Type
bool
Category
optional
Description
Use container IP address:port for pool instead of host IP address:hostport. This mode is applicable if the container IP is reachable (not a private NATed IP) from other hosts in a routed environment for containers
Default
False

feproxy_route_publish

Type
FeProxyRoutePublishConfig
Category
optional
Description
Publish ECMP route to upstream router for VIP

feproxy_bridge_name

Type
string
Category
optional
Description
Name of second Linux bridge on Host providing connectivity for Front End proxies. This is a disruptive change
Default
cbr1

se_resources

Type
MesosSeResources
Category
repeated
Description
Obsolete - ignored

se_volume

Type
string
Category
optional
Description
Host volume to be used as a disk for Avi SE, This is a disruptive change
Default
/opt/avi/se

coredump_directory

Type
string
Category
optional
Description
Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change
Default
/var/lib/systemd/coredump

ssh_se_deployment

Type
SSHSeDeployment
Category
optional
Description
Parameters for SSH SE deployment

enable_event_subscription

Type
bool
Category
optional
Description
Enable Marathon event subscriptions
Default
True

nuage_controller

Type
NuageSDNController
Category
optional
Description
Nuage Overlay SDN Controller information

all_vses_are_feproxy

Type
bool
Category
optional
Description
Consider all Virtualservices as Front End Proxies. Front End proxies are placed on specific SEs as opposed to Back End proxies placed on all SEs. Applicable where each service has its own VIP and VIP is reachable from anywhere
Default
False

feproxy_container_port_as_service

Type
bool
Category
optional
Description
For Front End proxies, use container port as service port
Default
True

services_accessible_all_interfaces

Type
bool
Category
optional
Description
Make service ports accessible on all Host interfaces in addition to East-West VIP and/or bridge IP. Usually enabled AWS Mesos clusters to export East-West services on Host interface
Default
False

feproxy_vips_enable_proxy_arp

Type
bool
Category
optional
Description
Enable proxy ARP from Host interface for Front End proxies
Default
True

se_exclude_attributes

Type
MesosAttribute
Category
repeated
Description
Exclude hosts with attributes for SE creation

se_include_attributes

Type
MesosAttribute
Category
repeated
Description
Create SEs just on hosts with include attributes

ssh_user_ref

Type
Reference to CloudConnectorUser
Category
optional
Description
Cloud connector user uuid for SSH to hosts

node_availability_zone_label

Type
string
Category
optional
Description
Mesos Node label to be used as Mesos Node's availability zone in a dual availability zone deployment. ServiceEngines belonging to the availability zone will be rebooted during a manual DR failover

disable_auto_gs_sync

Type
bool
Category
optional
Description
Disable auto sync for GSLB services
Default
False

use_vips_for_east_west_services

Type
bool
Category
optional
Description
Use unique virtual IP address for every east west service in Mesos/Marathon. 'use_bridge_ip_as_vip' and 'vip' fields , if set, will not be used if this field is set.
Default
True

MarathonConfiguration

marathon_url

Type
string
Category
optional
Description
Marathon API URL of the form http://host:port
Default
http://leader.mesos:8080

marathon_username

Type
string
Category
optional
Description
Username for Marathon authentication

marathon_password

Type
string
Category
optional
Description
Password for Marathon authentication

public_port_range

Type
PortRange
Category
optional
Description
Public port range allocated to this Marathon framework instance

private_port_range

Type
PortRange
Category
optional
Description
Private port range allocated to this Marathon framework instance

framework_tag

Type
string
Category
optional
Description
Framework tag to be used in Virtualservice name. Default is framework name from Mesos. If this tag is altered atruntime, Virtualservices will be deleted and re-created

vs_name_tag_framework

Type
bool
Category
optional
Description
Tag VS name with framework name or framework_tag. Useful in deployments with multiple frameworks
Default
False

use_token_auth

Type
bool
Category
optional
Description
Use Token based authentication instead of basic authentication. Token is refreshed every 5 minutes.
Default
False

tenant

Type
string
Category
optional
Description
Tenant to pin this Marathon instance to. If set, a tenant object will be created in Avi bearing this name and all applications created in this marathon will be associated with this tenant regardless of, if any, tenant configuration in marathon label for this application.
Default
admin

MarathonSeDeployment

host_os

Type
string
Category
optional
Description
Host OS distribution e.g. COREOS, UBUNTU, REDHAT
Default
COREOS

docker_image

Type
string
Category
optional
Description
Docker image to be used for Avi SE installation e.g. fedora, ubuntu
Default
fedora

uris

Type
string
Category
repeated
Description
URIs to be resolved for starting the application

resource_roles

Type
string
Category
repeated
Description
Accepted resource roles for SEs

DockerRegistry

registry

Type
string
Category
optional
Description
Avi ServiceEngine repository name. For private registry, it's registry:port/repository, for public registry, it's registry/repository, for openshift registry, it's registry:port/ /
Default
avinetworks/se

private

Type
bool
Category
optional
Description
Set if docker registry is private. Avi controller will not attempt to push SE image to the registry, unless se_repository_push is set
Default
False

username

Type
string
Category
optional
Description
Username for docker registry. Authorized 'regular user' if registry is Openshift integrated registry.

password

Type
string
Category
optional
Description
Password for docker registry. Authorized 'regular user' password if registry is Openshift integrated registry.

se_repository_push

Type
bool
Category
optional
Description
Avi Controller will push ServiceEngine image to docker repository
Default
False

oshift_registry

Type
OshiftDockerRegistryMetaData
Category
optional
Description
Openshift integrated registry config.

OshiftDockerRegistryMetaData

registry_service

Type
string
Category
optional
Description
Name of the Integrated registry Service in Openshift.
Default
docker-registry

registry_namespace

Type
string
Category
optional
Description
Namespace for the ServiceEngine image to be hosted in Openshift Integrated registry.
Default
default

registry_vip

Type
IpAddr
Category
optional
Description
Static VIP for 'docker-registry' service in Openshift if Avi is proxying for this service.This VIP should be outside the cluster IP subnet in Kubernetes and within the subnet configured (but outside the available pool of IPs) in the East West IPAM profile configuration for this Cloud. For example, if kubernetes cluster VIP range is 172.30.0.0/16 and subnet configured in East West IPAM profile is 172.50.0.0/16, then 172.50.0.2 can be used for this vip and IP pool can start from 172.50.0.3 onwards. Use this static VIP in '--insecure-registry :5000' docker config if using an insecure registry or add this to the list of IPs/hostnames when generating certificates if using a secure TLS registry.

FeProxyRoutePublishConfig

mode

Type
enum
Category
optional
Description
Publish ECMP route to upstream router for VIP
Default
FE_PROXY_ROUTE_PUBLISH_NONE
Choices
FE_PROXY_ROUTE_PUBLISH_NONE, FE_PROXY_ROUTE_PUBLISH_QUAGGA_WEBAPP

token

Type
string
Category
optional
Description
Token for tracking changes

subnet

Type
uint32
Category
optional
Description
Subnet for publisher
Default
32

publisher_port

Type
uint32
Category
optional
Description
Listener port for publisher
Default
80

MesosSeResources

attribute_key

Type
string
Category
required
Description
Attribute (Fleet or Mesos) key of Hosts

attribute_value

Type
string
Category
required
Description
Attribute (Fleet or Mesos) value of Hosts

cpu

Type
float
Category
optional
Description
Obsolete - ignored
Default
2.0

memory

Type
uint32
Category
optional
Description
Obsolete - ignored
Default
4096

SSHSeDeployment

ssh_user

Type
string
Category
optional
Description
Username for SSH access to hosts

sudo_user

Type
string
Category
optional
Description
Username for sudo

password

Type
string
Category
optional
Description
Password for ssh and/or sudo

host_os

Type
string
Category
optional
Description
Host OS distribution e.g. COREOS, UBUNTU, REDHAT
Default
COREOS

NuageSDNController

nuage_vsd_host

Type
string
Category
optional
Description
Nuage VSD host name or IP address

nuage_port

Type
uint32
Category
optional
Description
Default
8443

nuage_username

Type
string
Category
optional
Description

nuage_password

Type
string
Category
optional
Description

nuage_organization

Type
string
Category
optional
Description

se_domain

Type
string
Category
optional
Description
Domain to be used for SE creation

se_zone

Type
string
Category
optional
Description
Zone to be used for SE creation

se_network

Type
string
Category
optional
Description
Network to be used for SE creation

se_enterprise

Type
string
Category
optional
Description
Enterprise to be used for SE creation

se_user

Type
string
Category
optional
Description
User to be used for SE creation

se_policy_group

Type
string
Category
optional
Description
Policy Group to be used for SE creation

MesosAttribute

attribute

Type
string
Category
required
Description
Attribute to match

value

Type
string
Category
optional
Description
Attribute value. If not set, match any value

ProxyConfiguration

host

Type
string
Category
required
Description
Proxy hostname or IP address

port

Type
uint32
Category
required
Description
Proxy port

username

Type
string
Category
optional
Description
Username for proxy

password

Type
string
Category
optional
Description
Password for proxy

LinuxServerConfiguration

ssh_attr

Type
SSHSeDeployment
Category
optional
Description
Parameters for SSH to hosts

docker_registry_se

Type
DockerRegistry
Category
optional
Description
Private docker registry for SE image storage

hosts

Type
LinuxServerHost
Category
repeated
Description

se_sys_disk_path

Type
string
Category
optional
Description
SE System Logs disk path for cloud

se_sys_disk_size_GB

Type
uint32
Category
optional
Description
SE System Logs disk size for cloud
Default
10

se_log_disk_path

Type
string
Category
optional
Description
SE Client Logs disk path for cloud

se_log_disk_size_GB

Type
uint32
Category
optional
Description
SE Client Log disk size for cloud
Default
5

se_inband_mgmt

Type
bool
Category
optional
Description
Flag to notify the SE's in this cloud have an inband management interface, this can be overridden at SE host level by setting host_attr attr_key as SE_INBAND_MGMT with value of true or false
Default
False

ssh_user_ref

Type
Reference to CloudConnectorUser
Category
optional
Description
Cloud connector user uuid for SSH to hosts

LinuxServerHost

host_ip

Type
IpAddr
Category
required
Description

host_attr

Type
HostAttributes
Category
repeated
Description

node_availability_zone

Type
string
Category
optional
Description
Node's availability zone. ServiceEngines belonging to the availability zone will be rebooted during a manual DR failover

HostAttributes

attr_key

Type
string
Category
required
Description

attr_val

Type
string
Category
optional
Description

DockerConfiguration

ucp_nodes

Type
string
Category
repeated
Description
List of Docker UCP nodes; In case of a load balanced UCP cluster, use Virtual IP of the cluster

client_tls_key_and_certificate_ref

Type
Reference to SSLKeyAndCertificate
Category
optional
Description
UUID of the client TLS cert and key

ca_tls_key_and_certificate_ref

Type
Reference to SSLKeyAndCertificate
Category
optional
Description
UUID of the UCP CA TLS cert and key

container_port_match_http_service

Type
bool
Category
optional
Description
Perform container port matching to create a HTTP Virtualservice instead of a TCP/UDP VirtualService
Default
True

http_container_ports

Type
uint32
Category
repeated
Description
List of container ports that create a HTTP Virtualservice instead of a TCP/UDP VirtualService. Defaults to 80

east_west_placement_subnet

Type
IpAddrPrefix
Category
optional
Description
Match against this prefix when placing east-west VSs on SEs

se_deployment_method

Type
enum
Category
optional
Description
Use Fleet/SSH for SE deployment
Default
SE_CREATE_SSH
Choices
SE_CREATE_FLEET, SE_CREATE_SSH, SE_CREATE_POD

fleet_endpoint

Type
string
Category
optional
Description
Optional fleet remote endpoint if fleet is used for SE deployment

docker_registry_se

Type
DockerRegistry
Category
optional
Description
Docker registry for ServiceEngine image

se_spawn_rate

Type
uint32
Category
optional
Description
New SE spawn rate per minute
Default
25

app_sync_frequency

Type
uint32
Category
optional
Description
Sync frequency in seconds with frameworks
Default
60

disable_auto_se_creation

Type
bool
Category
optional
Description
Disable SE creation
Default
False

disable_auto_frontend_service_sync

Type
bool
Category
optional
Description
Disable auto service sync for front end services
Default
False

disable_auto_backend_service_sync

Type
bool
Category
optional
Description
Disable auto service sync for back end services
Default
False

use_container_ip_port

Type
bool
Category
optional
Description
Use container IP address:port for pool instead of host IP address:hostport. This mode is applicable if the container IP is reachable (not a private NATed IP) from other hosts in a routed environment for containers
Default
False

se_volume

Type
string
Category
optional
Description
Host volume to be used as a disk for Avi SE, This is a disruptive change
Default
/opt/avi

coredump_directory

Type
string
Category
optional
Description
Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change
Default
/var/lib/systemd/coredump

ssh_se_deployment

Type
SSHSeDeployment
Category
optional
Description
Parameters for SSH SE deployment

enable_event_subscription

Type
bool
Category
optional
Description
Enable Docker event subscription
Default
True

feproxy_container_port_as_service

Type
bool
Category
optional
Description
For Front End proxies, use container port as service port
Default
False

services_accessible_all_interfaces

Type
bool
Category
optional
Description
Make service ports accessible on all Host interfaces in addition to East-West VIP and/or bridge IP. Usually enabled AWS clusters to export East-West services on Host interface
Default
False

feproxy_vips_enable_proxy_arp

Type
bool
Category
optional
Description
Enable proxy ARP from Host interface for Front End proxies
Default
True

se_exclude_attributes

Type
MesosAttribute
Category
repeated
Description
Exclude hosts with attributes for SE creation

se_include_attributes

Type
MesosAttribute
Category
repeated
Description
Create SEs just on hosts with include attributes

use_controller_image

Type
bool
Category
optional
Description
If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se
Default
False

ssh_user_ref

Type
Reference to CloudConnectorUser
Category
optional
Description
Cloud connector user uuid for SSH to hosts

RancherConfiguration

rancher_servers

Type
string
Category
repeated
Description
List of Rancher servers; In case of a load balanced Rancher multi cluster, use Virtual IP of the cluster

access_key

Type
string
Category
optional
Description
Access key

secret_key

Type
string
Category
optional
Description
Secret key

container_port_match_http_service

Type
bool
Category
optional
Description
Perform container port matching to create a HTTP Virtualservice instead of a TCP/UDP VirtualService
Default
True

http_container_ports

Type
uint32
Category
repeated
Description
List of container ports that create a HTTP Virtualservice instead of a TCP/UDP VirtualService. Defaults to 80

east_west_placement_subnet

Type
IpAddrPrefix
Category
optional
Description
Match against this prefix when placing east-west VSs on SEs

se_deployment_method

Type
enum
Category
optional
Description
Use Fleet/SSH for SE deployment
Default
SE_CREATE_SSH
Choices
SE_CREATE_FLEET, SE_CREATE_SSH, SE_CREATE_POD

fleet_endpoint

Type
string
Category
optional
Description
Optional fleet remote endpoint if fleet is used for SE deployment

docker_registry_se

Type
DockerRegistry
Category
optional
Description
Docker registry for ServiceEngine image

se_spawn_rate

Type
uint32
Category
optional
Description
New SE spawn rate per minute
Default
25

app_sync_frequency

Type
uint32
Category
optional
Description
Sync frequency in seconds with frameworks
Default
60

disable_auto_se_creation

Type
bool
Category
optional
Description
Disable SE creation
Default
False

disable_auto_frontend_service_sync

Type
bool
Category
optional
Description
Disable auto service sync for front end services
Default
False

disable_auto_backend_service_sync

Type
bool
Category
optional
Description
Disable auto service sync for back end services
Default
False

use_container_ip_port

Type
bool
Category
optional
Description
Use container IP address:port for pool instead of host IP address:hostport. This mode is applicable if the container IP is reachable (not a private NATed IP) from other hosts in a routed environment for containers
Default
False

se_volume

Type
string
Category
optional
Description
Host volume to be used as a disk for Avi SE, This is a disruptive change
Default
/opt/avi

coredump_directory

Type
string
Category
optional
Description
Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change
Default
/var/lib/systemd/coredump

ssh_se_deployment

Type
SSHSeDeployment
Category
optional
Description
Parameters for SSH SE deployment

enable_event_subscription

Type
bool
Category
optional
Description
Enable Docker event subscription
Default
True

feproxy_container_port_as_service

Type
bool
Category
optional
Description
For Front End proxies, use container port as service port
Default
False

services_accessible_all_interfaces

Type
bool
Category
optional
Description
Make service ports accessible on all Host interfaces in addition to East-West VIP and/or bridge IP. Usually enabled AWS clusters to export East-West services on Host interface
Default
False

feproxy_vips_enable_proxy_arp

Type
bool
Category
optional
Description
Enable proxy ARP from Host interface for Front End proxies
Default
True

se_exclude_attributes

Type
MesosAttribute
Category
repeated
Description
Exclude hosts with attributes for SE creation

se_include_attributes

Type
MesosAttribute
Category
repeated
Description
Create SEs just on hosts with include attributes

nuage_controller

Type
NuageSDNController
Category
optional
Description
Nuage Overlay SDN Controller information

use_controller_image

Type
bool
Category
optional
Description
If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se
Default
False

ssh_user_ref

Type
Reference to CloudConnectorUser
Category
optional
Description
Cloud connector user uuid for SSH to hosts

OShiftK8SConfiguration

master_nodes

Type
string
Category
repeated
Description
List of OpenShift/Kubernetes master nodes; In case of a load balanced OpenShift/K8S cluster, use Virtual IP of the cluster. Each node is of the form node:8443 or http://node:8080. If scheme is not provided, https is assumed

client_tls_key_and_certificate_ref

Type
Reference to SSLKeyAndCertificate
Category
optional
Description
UUID of the client TLS cert and key instead of service account token. One of client certificate or token is required

ca_tls_key_and_certificate_ref

Type
Reference to SSLKeyAndCertificate
Category
optional
Description
UUID of the UCP CA TLS cert and key

avi_bridge_subnet

Type
IpAddrPrefix
Category
optional
Description
Avi Linux bridge subnet on OpenShift/K8s nodes

container_port_match_http_service

Type
bool
Category
optional
Description
Perform container port matching to create a HTTP Virtualservice instead of a TCP/UDP VirtualService
Default
True

http_container_ports

Type
uint32
Category
repeated
Description
List of container ports that create a HTTP Virtualservice instead of a TCP/UDP VirtualService. Defaults to 80

east_west_placement_subnet

Type
IpAddrPrefix
Category
optional
Description
Match against this prefix when placing east-west VSs on SEs

se_deployment_method

Type
enum
Category
optional
Description
Use SSH/Pod for SE deployment
Default
SE_CREATE_SSH
Choices
SE_CREATE_FLEET, SE_CREATE_SSH, SE_CREATE_POD

fleet_endpoint

Type
string
Category
optional
Description
Optional fleet remote endpoint if fleet is used for SE deployment

docker_registry_se

Type
DockerRegistry
Category
optional
Description
Docker registry for ServiceEngine image

se_spawn_rate

Type
uint32
Category
optional
Description
New SE spawn rate per minute
Default
25

app_sync_frequency

Type
uint32
Category
optional
Description
Sync frequency in seconds with frameworks
Default
60

disable_auto_se_creation

Type
bool
Category
optional
Description
Disable SE creation
Default
False

disable_auto_frontend_service_sync

Type
bool
Category
optional
Description
Disable auto service sync for front end services
Default
False

disable_auto_backend_service_sync

Type
bool
Category
optional
Description
Disable auto service sync for back end services
Default
False

se_volume

Type
string
Category
optional
Description
Host volume to be used as a disk for Avi SE, This is a disruptive change
Default
/opt/avi

coredump_directory

Type
string
Category
optional
Description
Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change
Default
/var/lib/systemd/coredump

ssh_se_deployment

Type
SSHSeDeployment
Category
optional
Description
Parameters for SSH SE deployment

enable_event_subscription

Type
bool
Category
optional
Description
Enable Kubernetes event subscription
Default
True

feproxy_vips_enable_proxy_arp

Type
bool
Category
optional
Description
Enable proxy ARP from Host interface for Front End proxies
Default
True

se_exclude_attributes

Type
MesosAttribute
Category
repeated
Description
Exclude hosts with attributes for SE creation

se_include_attributes

Type
MesosAttribute
Category
repeated
Description
Create SEs just on hosts with include attributes

nuage_controller

Type
NuageSDNController
Category
optional
Description
Nuage Overlay SDN Controller information

use_service_cluster_ip_as_ew_vip

Type
bool
Category
optional
Description
Use Cluster IP of service as VIP for East-West services; This option requires that kube proxy is disabled on all nodes
Default
False

default_service_as_east_west_service

Type
bool
Category
optional
Description
If there is no explicit east_west_placement field in virtualservice configuration, treat service as a East-West service; default services such a OpenShift API server do not have virtualservice configuration
Default
True

sdn_overlay

Type
bool
Category
optional
Description
Cluster uses overlay based SDN. Enable this flag if cluster uses a overlay based SDN for OpenShift, Flannel, Weave, Nuage. Disable for routed mode
Default
True

use_controller_image

Type
bool
Category
optional
Description
If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se
Default
False

service_account_token

Type
string
Category
optional
Description
Authorization token for service account instead of client certificate. One of client certificate or token is required

use_scheduling_disabled_nodes

Type
bool
Category
optional
Description
Enable VirtualService placement on Service Engines on nodes with scheduling disabled. When false, Service Engines are disabled on nodes where scheduling is disabled
Default
False

l4_health_monitoring

Type
bool
Category
optional
Description
Perform Layer4 (TCP/UDP) health monitoring even for Layer7 (HTTP) Pools
Default
False

ssh_user_ref

Type
Reference to CloudConnectorUser
Category
optional
Description
Cloud connector user uuid for SSH to hosts

routes_share_virtualservice

Type
bool
Category
optional
Description
Routes use shared virtualservices. If configured, all OpenShift Routes will be created under a parent VirtualService. OpenShift Services will not trigger a VirtualService creation
Default
False

default_shared_virtualservice

Type
OshiftSharedVirtualService
Category
optional
Description
Default shared virtualservice that acts as the parent for all OpenShift Routes

node_availability_zone_label

Type
string
Category
optional
Description
OpenShift/K8S Node label to be used as OpenShift/K8S Node's availability zone in a dual availability zone deployment. ServiceEngines belonging to the availability zone will be rebooted during a manual DR failover

secure_egress_mode

Type
bool
Category
optional
Description
Allow Avi Vantage to create Security Context Constraints and Service Accounts which allow Egress Pods to run in privileged mode in an Openshift environment. Assumption is that credentials provided have cluster-admin role when this mode is enabled.
Default
False

OshiftSharedVirtualService

virtualservice_name

Type
string
Category
optional
Description
Name of shared virtualservice. VirtualService will be created automatically by Cloud Connector

NsxConfiguration

nsx_manager_name

Type
string
Category
optional
Description
The hostname or IP address of the NSX MGr.

nsx_manager_username

Type
string
Category
optional
Description
The username Avi Vantage will use when authenticating with NSX Mgr.

nsx_manager_password

Type
string
Category
optional
Description
The password Avi Vantage will use when authenticating with NSX Mgr.

avi_nsx_prefix

Type
string
Category
optional
Description
This prefix will be added to the names of all NSX objects created by Avi Controller. It should be unique across all the Avi Controller clusters

nsx_poll_time

Type
uint32
Category
optional
Description
The interval (in secs) with which Avi Controller polls the NSX Manager for updates
Default
300

MicroService

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

orchestrator_name

Type
string
Category
required
Description

application_name

Type
string
Category
required
Description

ip_list

Type
bool
Category
optional
Description
Flag to indicate if container IP list is provided by cloud connectorThis is applicable for overlay cases.

containers

Type
MicroServiceContainer
Category
repeated
Description
The list of containers for this microservice

created_by

Type
string
Category
optional
Description
Creator name

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

MicroServiceContainer

ip

Type
IpAddr
Category
required
Description
IP Address of the container.

port

Type
uint32
Category
optional
Description
Port nunber of the instance

container_id

Type
string
Category
optional
Description
ID of the container.

host

Type
string
Category
optional
Description
ID or name of the host where the container is.

task_id

Type
string
Category
optional
Description
Marathon Task ID of the instance

PoolGroup

uuid

Type
string
Category
required
Description
UUID of the pool group

name

Type
string
Category
required
Description
The name of the pool group.

members

Type
PoolGroupMember
Category
repeated
Description
List of pool group members object of type PoolGroupMember.

priority_labels_ref

Type
Reference to PriorityLabels
Category
optional
Description
UUID of the priority labels. If not provided, pool group member priority label will be interpreted as a number with a larger number considered higher priority.

min_servers

Type
uint32
Category
optional
Description
The minimum number of servers to distribute traffic to.
Default
0

deployment_policy_uuid

Type
string
Category
optional
Description
When setup autoscale manager will automatically promote new pools into production when deployment goals are met.

fail_action

Type
FailAction
Category
optional
Description
Enable an action - Close Connection, HTTP Redirect, or Local HTTP Response - when a pool group failure happens. By default, a connection will be closed, in case the pool group experiences a failure.

created_by

Type
string
Category
optional
Description
Name of the user who created the object.

cloud_config_cksum

Type
string
Category
optional
Description
Checksum of cloud configuration for PoolGroup. Internally set by cloud connector

description

Type
string
Category
optional
Description
Description of Pool Group.

tenant_ref

Type
Reference to Tenant
Category
optional
Description

cloud_ref

Type
Reference to Cloud
Category
optional,readonly
Description
Default
/api/cloud?name=Default-Cloud

PoolGroupMember

pool_ref

Type
Reference to Pool
Category
required
Description
UUID of the pool

ratio

Type
uint32
Category
optional
Description
Ratio of selecting eligible pools in the pool group.
Default
1

priority_label

Type
string
Category
optional
Description
All pools with same label are treated similarly in a pool group. A pool with a higher priority is selected, as long as the pool is eligible or an explicit policy chooses a different pool.

deployment_state

Type
enum
Category
optional
Description
Pool deployment state used with the PG deployment policy
Choices
EVALUATION_IN_PROGRESS, IN_SERVICE, OUT_OF_SERVICE, EVALUATION_FAILED

PriorityLabels

uuid

Type
string
Category
required
Description
UUID of the priority labels

name

Type
string
Category
required
Description
The name of the priority labels.

equivalent_labels

Type
EquivalentLabels
Category
repeated
Description
Equivalent priority labels in descending order.

description

Type
string
Category
optional
Description
A description of the priority labels.

tenant_ref

Type
Reference to Tenant
Category
optional
Description

cloud_ref

Type
Reference to Cloud
Category
optional,readonly
Description
Default
/api/cloud?name=Default-Cloud

EquivalentLabels

labels

Type
string
Category
repeated
Description
Equivalent labels.

GslbService

uuid

Type
string
Category
required
Description
UUID of the GSLB service.

name

Type
string
Category
required
Description
Name for the GSLB service.

domain_names

Type
string
Category
repeated
Description
Fully qualified domain name of the GSLB service.

groups

Type
GslbPool
Category
repeated
Description
Select list of pools belonging to this GSLB service.

num_dns_ip

Type
uint32
Category
optional
Description
Number of IP addresses of this GSLB service to be returned by the DNS Service. Enter 0 to return all IP addresses.

ttl

Type
uint32
Category
optional
Description
TTL value (in seconds) for records served for this GSLB service by the DNS Service.
Units
sec

down_response

Type
GslbServiceDownResponse
Category
optional
Description
Response to the client query when the GSLB service is DOWN.

health_monitor_refs

Type
Reference to GslbHealthMonitor
Category
repeated
Description
Verify VS health by applying one or more health monitors. Active monitors generate synthetic traffic from DNS Service Engine and to mark a VS up or down based on the response.

controller_health_status_enabled

Type
bool
Category
optional
Description
GS member's overall health status is derived based on a combination of controller and datapath health-status inputs. Note that the datapath status is determined by the association of health monitor profiles. Only the controller provided status is determined through this configuration.
Default
True

health_monitor_scope

Type
enum
Category
optional
Description
Health monitor probe can be executed for all the members or it can be executed only for third-party members. This operational mode is useful to reduce the number of health monitor probes in case of a hybrid scenario. In such a case, Avi members can have controller derived status while Non-Avi members can be probed by via health monitor probes in dataplane.
Default
GSLB_SERVICE_HEALTH_MONITOR_ALL_MEMBERS
Choices
GSLB_SERVICE_HEALTH_MONITOR_ALL_MEMBERS, GSLB_SERVICE_HEALTH_MONITOR_ONLY_NON_AVI_MEMBERS

enabled

Type
bool
Category
optional
Description
Enable or disable the GSLB service. If the GSLB service is enabled, then the VIPs are sent in the DNS responses based on reachability and configured algorithm. If the GSLB service is disabled, then the VIPs are no longer available in the DNS response.
Default
True

use_edns_client_subnet

Type
bool
Category
optional
Description
Use the client ip subnet from the EDNS option as source IPaddress for client geo-location and consistent hash algorithm. Default is true.
Default
True

wildcard_match

Type
bool
Category
optional
Description
Enable wild-card match of fqdn: if an exact match is not found in the DNS table, the longest match is chosen by wild-carding the fqdn in the DNS request. Default is false.
Default
False

created_by

Type
string
Category
optional
Description
Creator name

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

GslbPool

name

Type
string
Category
optional
Description
Name of the GSLB service pool.

priority

Type
uint32
Category
optional
Description
Priority of this pool of Members. If the priority of this is the highest in the group, DNS service picks up only this member for DNS responses.
Default
10

algorithm

Type
enum
Category
optional
Description
The load balancing algorithm will pick a local member within the GSLB service list of available Members.
Default
GSLB_ALGORITHM_ROUND_ROBIN
Choices
GSLB_ALGORITHM_ROUND_ROBIN, GSLB_ALGORITHM_CONSISTENT_HASH, GSLB_ALGORITHM_GEO

consistent_hash_mask

Type
uint32
Category
optional
Description
Mask to be applied on client IP for consistent hash algorithm.

members

Type
GslbPoolMember
Category
repeated
Description
Select list of VIPs belonging to this GSLB service.

GslbPoolMember

cluster_uuid

Type
string
Category
optional
Description
The Cluster UUID of the Site.

vs_uuid

Type
string
Category
optional
Description
Select local virtual service in the specified controller cluster belonging to this GSLB service. The virtual service may have multiple IP addresses and FQDNs. User will have to choose IP address or FQDN and configure it in the respective field.

fqdn

Type
string
Category
optional
Description
The pool member is configured with a fully qualified domain name. The FQDN is resolved to an IP address by the controller. DNS service shall health monitor the resolved IP address while it will return the fqdn(cname) in the DNS response.If the user has configured an IP address (in addition to the FQDN), then the IP address will get overwritten whenever periodic FQDN refresh is done by the controller.

ip

Type
IpAddr
Category
optional
Description
IP address of the pool member. If this IP address is hosted via an AVI virtual service, then the user should configure the cluster uuid and virtual service uuid. If this IP address is hosted on a third-party device and the device is tagged/tethered to a third-party site, then user can configure the third-party site uuid. User may configure the IP address without the cluster uuid or the virtual service uuid. In this option, some advanced site related features cannot be enabled. If the user has configured a fqdn for the pool member, then it takes precedence and will overwrite the configured IP address.

ratio

Type
uint32
Category
optional
Description
Overrides the default ratio of 1. Reduces the percentage the LB algorithm would pick the server in relation to its peers. Range is 1-20.
Default
1

enabled

Type
bool
Category
optional
Description
Enable or Disable member to decide if this address should be provided in DNS responses.
Default
True

location

Type
GslbGeoLocation
Category
optional
Description
Geographic location of the pool member

hm_proxies

Type
GslbHealthMonitorProxy
Category
repeated,readonly
Description
Internal generated system-field.

cloud_uuid

Type
string
Category
optional
Description
The Cloud UUID of the Site.

public_ip

Type
GslbIpAddr
Category
optional
Description
Alternate IP addresses of the pool member. In usual deployments, the VIP in the virtual service is a private IP address. This gets configured in the 'ip' field of the GSLB service. This field is used to host the public IP address for the VIP, which gets NATed to the private IP by a firewall. Client DNS requests coming in from within the intranet should have the private IP served in the A record, and requests from outside this should be served the public IP address.

GslbGeoLocation

source

Type
enum
Category
optional
Description
This field describes the source of the GeoLocation.
Choices
GSLB_LOCATION_SRC_USER_CONFIGURED, GSLB_LOCATION_SRC_INHERIT_FROM_SITE, GSLB_LOCATION_SRC_FROM_GEODB

location

Type
GeoLocation
Category
optional
Description
Geographic location of the site.

GslbHealthMonitorProxy

proxy_type

Type
enum
Category
optional
Description
This field identifies the health monitor proxy behavior. The designated site for health monitor proxy can monitor public or private or all the members of a given site.
Default
GSLB_HEALTH_MONITOR_PROXY_PRIVATE_MEMBERS
Choices
GSLB_HEALTH_MONITOR_PROXY_ALL_MEMBERS, GSLB_HEALTH_MONITOR_PROXY_PRIVATE_MEMBERS

site_uuid

Type
string
Category
optional
Description
This field identifies the site that will health monitor on behalf of the current site. i.e. it will be a health monitor proxy and monitor members of the current site.

GslbIpAddr

ip

Type
IpAddr
Category
optional
Description
Public IP address of the pool member.

GslbServiceDownResponse

type

Type
enum
Category
optional
Description
Response from DNS service towards the client when the GSLB service is DOWN.
Default
GSLB_SERVICE_DOWN_RESPONSE_NONE
Choices
GSLB_SERVICE_DOWN_RESPONSE_NONE, GSLB_SERVICE_DOWN_RESPONSE_ALL_RECORDS, GSLB_SERVICE_DOWN_RESPONSE_FALLBACK_IP, GSLB_SERVICE_DOWN_RESPONSE_EMPTY

fallback_ip

Type
IpAddr
Category
optional
Description
Fallback IP address to use in response to the client query when the GSLB service is DOWN.

GslbHealthMonitor

uuid

Type
string
Category
required
Description
UUID of the health monitor.

name

Type
string
Category
required
Description
A user friendly name for this health monitor.

send_interval

Type
int32
Category
optional
Description
Frequency, in seconds, that monitors are sent to a server.
Units
sec
Default
5

receive_timeout

Type
int32
Category
optional
Description
A valid response from the server is expected within the receive timeout window. This timeout must be less than the send interval. If server status is regularly flapping up and down, consider increasing this value.
Units
sec
Default
4

successful_checks

Type
int32
Category
optional
Description
Number of continuous successful health checks before server is marked up.
Default
2

failed_checks

Type
int32
Category
optional
Description
Number of continuous failed health checks before the server is marked down.
Default
2

type

Type
enum
Category
required
Description
Type of the health monitor.
Choices
HEALTH_MONITOR_PING, HEALTH_MONITOR_TCP, HEALTH_MONITOR_HTTP, HEALTH_MONITOR_HTTPS, HEALTH_MONITOR_EXTERNAL, HEALTH_MONITOR_UDP, HEALTH_MONITOR_DNS, HEALTH_MONITOR_GSLB

tcp_monitor

Type
HealthMonitorTcp
Category
optional
Description

http_monitor

Type
HealthMonitorHttp
Category
optional
Description

https_monitor

Type
HealthMonitorHttp
Category
optional
Description

external_monitor

Type
HealthMonitorExternal
Category
optional
Description

udp_monitor

Type
HealthMonitorUdp
Category
optional
Description

dns_monitor

Type
HealthMonitorDNS
Category
optional
Description

monitor_port

Type
int32
Category
optional
Description
Use this port instead of the port defined for the server in the Pool. If the monitor succeeds to this port, the load balanced traffic will still be sent to the port of the server defined within the Pool.

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

GslbGeoDbProfile

uuid

Type
string
Category
required
Description
UUID of the geodb profile.

name

Type
string
Category
required
Description
A user-friendly name for the geodb profile.

entries

Type
GslbGeoDbEntry
Category
repeated
Description
List of Geodb entries. An entry can either be a geodb file or an ip address group with geo properties.

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

GslbGeoDbEntry

priority

Type
uint32
Category
optional
Description
Priority of this geodb entry. This value should be unique in a repeated list of geodb entries. Higher the value, then greater is the priority.
Default
10

file

Type
GslbGeoDbFile
Category
optional
Description
This field describes the GeoDb file.

GslbGeoDbFile

filename

Type
string
Category
optional
Description
Geodb Filename in the Avi supported formats.

format

Type
enum
Category
optional
Description
This field indicates the file format.
Default
GSLB_GEODB_FILE_FORMAT_AVI
Choices
GSLB_GEODB_FILE_FORMAT_AVI, GSLB_GEODB_FILE_FORMAT_MAXMIND_CITY

timestamp

Type
uint64
Category
optional,readonly
Description
Internal timestamp associated with the file.

checksum

Type
string
Category
optional,readonly
Description
File checksum is internally computed.

file_id

Type
string
Category
optional,readonly
Description
System internal identifier for the file.

Gslb

uuid

Type
string
Category
required
Description
UUID of the GSLB object.

name

Type
string
Category
required
Description
Name for the GSLB object.

dns_configs

Type
DNSConfig
Category
repeated
Description
Sub domain configuration for the GSLB. GSLB service's FQDN must be a match one of these subdomains.

sites

Type
GslbSite
Category
repeated
Description
Select Avi site member belonging to this Gslb.

leader_cluster_uuid

Type
string
Category
optional
Description
Mark this Site as leader of GSLB configuration. This site is the one among the Avi sites.

send_interval

Type
uint32
Category
optional
Description
Frequency with which group members communicate.
Units
sec
Default
15

clear_on_max_retries

Type
uint32
Category
optional
Description
Max retries after which the remote site is treatedas a fresh start. In fresh start all the configsare downloaded.
Default
20

view_id

Type
uint64
Category
optional,readonly
Description
The view-id is used in maintenance mode to differentiate partitioned groups while they havethe same gslb namespace. Each partitioned groupwill be able to operate independently by using theview-id.
Default
0

third_party_sites

Type
GslbThirdPartySite
Category
repeated
Description
Third party site member belonging to this Gslb.

client_ip_addr_group

Type
GslbClientIpAddrGroup
Category
optional
Description
Group to specify if the client ip addresses are public or private.

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
required
Description

DNSConfig

domain_name

Type
string
Category
optional
Description
GSLB subdomain used for GSLB service FQDN match and placement.

GslbSite

cluster_uuid

Type
string
Category
optional
Description
UUID of the 'Cluster' object of the Controller Cluster in this site.

name

Type
string
Category
optional
Description
Name for the Site Controller Cluster.

address

Type
string
Category
optional
Description
IP Address or a DNS resolvable, fully qualified domain name of the Site Controller Cluster.

ip_addresses

Type
IpAddr
Category
repeated
Description
IP Address(es) of the Site's Cluster. For a 3-node cluster, either the cluster vIP is provided, or the list of controller IPs in the cluster are provided.

port

Type
uint32
Category
optional
Description
The Site Controller Cluster's REST API port number.
Default
443

username

Type
string
Category
optional
Description
The username used when authenticating with the Site.

password

Type
string
Category
optional
Description
The password used when authenticating with the Site.

dns_vs_uuids

Type
string
Category
repeated
Description
The list of DNS-VSes on which the GSes shall be placed. The site has to be an ACTIVE member.

member_type

Type
enum
Category
optional
Description
The site's member type: A leader is set to ACTIVE while allmembers are set to passive.
Default
GSLB_PASSIVE_MEMBER
Choices
GSLB_ACTIVE_MEMBER, GSLB_PASSIVE_MEMBER

enabled

Type
bool
Category
optional
Description
Enable or disable the Site. This is useful in maintenance scenarios such as upgrade and routine maintenance. A disabled site's configuration shall be retained but it will not get any new configuration updates. It shall not participate in Health-Status monitoring. VIPs of the Virtual Services on the disabled site shall not be sent in DNS response. When a site transitions from disabled to enabled, it is treated similar to the addition of a new site.
Default
True

location

Type
GslbGeoLocation
Category
optional
Description
Geographic location of the site.

hm_proxies

Type
GslbHealthMonitorProxy
Category
repeated
Description
User can designate certain Avi sites to run health monitor probes for VIPs/VS(es) for this site. This is useful in network deployments where the VIPs/VS(es) are reachable only from certain sites. A typical scenario is a firewall between two GSLB sites. User may want to run health monitor probes from sites on either side of the firewall so that each designated site can derive a datapath view of the reachable members. If the health monitor proxies are not configured, then the default behavior is to run health monitor probes from all the active sites.

ratio

Type
uint32
Category
optional
Description
User can overide the individual GslbPoolMember ratio for all the VIPs/VS(es) of this site. If this field is not configured then the GslbPoolMember ratio gets applied.

GslbThirdPartySite

cluster_uuid

Type
string
Category
optional,readonly
Description
Third-party-site identifier generated by Avi.

name

Type
string
Category
optional
Description
Name of the third-party Site.

enabled

Type
bool
Category
optional
Description
Enable or disable the third-party Site. This is useful in maintenance scenarios such as upgrade and routine maintenance. A disabled site's configuration shall be retained but it will not get any new configuration updates. VIPs associated with the disabled site shall not be sent in DNS response.
Default
True

location

Type
GslbGeoLocation
Category
optional
Description
Geographic location of the site.

hm_proxies

Type
GslbHealthMonitorProxy
Category
repeated
Description
User can designate certain Avi sites to run health monitor probes for VIPs/VS(es) for this site. This is useful in network deployments where the VIPs/VS(es) are reachable only from certain sites. A typical scenario is a firewall between two GSLB sites. User may want to run health monitor probes from sites on either side of the firewall so that each designated site can derive a datapath view of the reachable members. If the health monitor proxies are not configured, then the default behavior is to run health monitor probes from all the active sites.

ratio

Type
uint32
Category
optional
Description
User can overide the individual GslbPoolMember ratio for all the VIPs of this site. If this field is not configured, then the GslbPoolMember ratio gets applied.

GslbClientIpAddrGroup

type

Type
enum
Category
optional
Description
Specify whether this client IP address range is public or private.
Default
GSLB_IP_PUBLIC
Choices
GSLB_IP_PUBLIC, GSLB_IP_PRIVATE

addrs

Type
IpAddr
Category
repeated
Description
Configure IP address(es)

ranges

Type
IpAddrRange
Category
repeated
Description
Configure IP address range(s)

prefixes

Type
IpAddrPrefix
Category
repeated
Description
Configure IP address prefix(es)

SeAgentGraphDBNodeStats

num_create

Type
int32
Category
optional
Description

num_update

Type
int32
Category
optional
Description

num_delete

Type
int32
Category
optional
Description

num_read

Type
int32
Category
optional
Description

update_stats

Type
SeAgentGraphDBNodeTxnStats
Category
optional
Description

delete_stats

Type
SeAgentGraphDBNodeTxnStats
Category
optional
Description

read_stats

Type
SeAgentGraphDBNodeTxnStats
Category
optional
Description

SeAgentGraphDBNodeTxnStats

history

Type
SeAgentGraphDBNodeTxnDetail
Category
repeated
Description

longest_txn

Type
SeAgentGraphDBNodeTxnDetail
Category
optional
Description

SeAgentGraphDBNodeTxnDetail

duration

Type
int32
Category
optional
Description

txn_id

Type
string
Category
optional
Description

start_time

Type
string
Category
optional
Description

dp_enq_time

Type
string
Category
optional
Description

dp_deq_time

Type
string
Category
optional
Description

end_time

Type
string
Category
optional
Description

dp_duration

Type
int32
Category
optional
Description

SeRumInsertionStats

API


    GET /api/serviceengine/&ltkey>/seruminsertionstats/&ltkey>

CLI


    show serviceengine &ltkey> seruminsertionstats

Data

SeRumInsertionStats

rum_beacons_received

Type
uint64
Category
required
Description

rum_bad_beacons_received

Type
uint64
Category
required
Description

rum_cached_beacons_received

Type
uint64
Category
required
Description

rum_non_page_beacons_received

Type
uint64
Category
required
Description

rum_nav_and_res_using_js

Type
uint64
Category
required
Description

rum_nav_only_using_js

Type
uint64
Category
required
Description

rum_passive_only

Type
uint64
Category
required
Description

rum_failed_using_js

Type
uint64
Category
required
Description

rum_ignored_sample

Type
uint64
Category
required
Description

rum_ignored_content_type

Type
uint64
Category
required
Description

rum_ignored_skip_uri

Type
uint64
Category
required
Description

rum_ignored_uri_not_in_list

Type
uint64
Category
required
Description

rum_ignored_client_ip

Type
uint64
Category
required
Description

rum_ignored_http_status

Type
uint64
Category
required
Description

rum_ignored_sub_request

Type
uint64
Category
required
Description

rum_failed_internal_error

Type
uint64
Category
required
Description

Actions

API


    POST /api/serviceengine/&ltkey>/seruminsertionstats/clear

CLI


    clear serviceengine &ltkey> seruminsertionstats

MeminfoRuntime

API


    GET /api/serviceengine/&ltkey>/meminfo/&ltkey>
	Query Params: SeParamsFilter

CLI


    show serviceengine &ltkey> meminfo filter [primary_only] [disable_aggregate] [se_uuid] [all_se]

Data

MeminfoRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

memory_config

Type
MemConfig
Category
optional
Description

process_memory_stats

Type
Mallstats
Category
optional
Description

shared_memory_stats

Type
Jestats
Category
optional
Description

protobuf_memory_stats

Type
MemProto
Category
optional
Description

MemConfig

number_of_CPUs

Type
uint32
Category
required
Description

number_of_arenas

Type
uint32
Category
required
Description

pointer_size

Type
uint32
Category
required
Description

quantum_size

Type
uint32
Category
required
Description

page_size

Type
uint32
Category
required
Description

chunk_size

Type
uint32
Category
required
Description

Mallstats

bytes_allocated

Type
uint64
Category
required
Description

bytes_mapped

Type
uint64
Category
required
Description

Jestats

bytes_allocated

Type
uint64
Category
required
Description

bytes_active

Type
uint64
Category
required
Description

bytes_mapped

Type
uint64
Category
required
Description

bytes_allocated_small

Type
uint64
Category
required
Description

bytes_allocated_large

Type
uint64
Category
required
Description

bytes_allocated_huge

Type
uint64
Category
required
Description

small

Type
AllocInfo
Category
optional
Description

large

Type
AllocInfo
Category
optional
Description

total

Type
AllocInfo
Category
optional
Description

page_stats

Type
PageStats
Category
optional
Description

AllocInfo

bytes_allocated

Type
uint64
Category
required
Description

number_of_mallocs

Type
uint64
Category
required
Description

number_of_dallocs

Type
uint64
Category
required
Description

number_of_requests

Type
uint64
Category
required
Description

PageStats

page_active

Type
uint64
Category
required
Description

page_dirty

Type
uint64
Category
required
Description

sweep

Type
uint64
Category
required
Description

madvise

Type
uint64
Category
required
Description

purged

Type
uint64
Category
required
Description

MemProto

current_usage

Type
uint32
Category
required
Description

max_mem_usage

Type
uint32
Category
required
Description

memory_mapped

Type
uint32
Category
required
Description

SeLogStatsRuntime

API


    GET /api/serviceengine/&ltkey>/selogstats/&ltkey>

CLI


    show serviceengine &ltkey> selogstats

Data

SeLogStatsRuntime

count

Type
uint32
Category
required
Description
Default
0

conn_nf_hit

Type
uint32
Category
required
Description
Default
0

conn_nf_miss

Type
uint32
Category
required
Description
Default
0

conn_nf_limit

Type
uint32
Category
required
Description
Default
0

conn_udf_hit

Type
uint32
Category
required
Description
Default
0

conn_udf_miss

Type
uint32
Category
required
Description
Default
0

conn_udf_limit

Type
uint32
Category
required
Description
Default
0

conn_adf_hit

Type
uint32
Category
required
Description
Default
0

conn_adf_miss

Type
uint32
Category
required
Description
Default
0

conn_adf_limit

Type
uint32
Category
required
Description
Default
0

appl_nf_hit

Type
uint32
Category
required
Description
Default
0

appl_nf_miss

Type
uint32
Category
required
Description
Default
0

appl_nf_limit

Type
uint32
Category
required
Description
Default
0

appl_udf_hit

Type
uint32
Category
required
Description
Default
0

appl_udf_miss

Type
uint32
Category
required
Description
Default
0

appl_udf_limit

Type
uint32
Category
required
Description
Default
0

appl_adf_hit

Type
uint32
Category
required
Description
Default
0

appl_adf_miss

Type
uint32
Category
required
Description
Default
0

appl_adf_limit

Type
uint32
Category
required
Description
Default
0

event_hit

Type
uint32
Category
required
Description
Default
0

event_miss

Type
uint32
Category
required
Description
Default
0

Actions

API


    POST /api/serviceengine/&ltkey>/selogstats/clear

CLI


    clear serviceengine &ltkey> selogstats

SeFaultInjectExhaustConn

API


CLI


Data

SeFaultInjectExhaustConn

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

num_objects

Type
uint64
Category
required
Description

Actions

API


    POST /api/serviceengine/&ltkey>/faultinject/exhaust_conn/clear

CLI


    faultinject serviceengine &ltkey> exhaust_conn

Data

TcpConnRuntime

API


    GET /api/serviceengine/&ltkey>/tcp-flows/&ltkey>
	Query Params: ConnectionFilter	ListeningsockFilter	CorenumFilter

CLI


    show serviceengine &ltkey> tcp-flows filter [conn_type] [ip_addr] [port] [ip_mask] [listening_ports] [core_num]

Data

TcpConnRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

connection

Type
SimpleconnEntry
Category
repeated
Description

SimpleconnEntry

l_ip

Type
string
Category
optional
Description

f_ip

Type
string
Category
optional
Description

l_port

Type
uint32
Category
optional
Description

f_port

Type
uint32
Category
optional
Description

tcp_state

Type
uint32
Category
optional
Description

tcp_state_name

Type
string
Category
optional
Description

l_port_end

Type
uint32
Category
optional
Description

vrf_id

Type
uint32
Category
optional
Description

IpStatRuntime

API


    GET /api/serviceengine/&ltkey>/ipstat/&ltkey>
	Query Params: SeParamsFilter

CLI


    show serviceengine &ltkey> ipstat filter [primary_only] [disable_aggregate] [se_uuid] [all_se]

Data

IpStatRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

ips_total

Type
uint64
Category
required
Description

ips_badsum

Type
uint64
Category
required
Description

ips_ipsum_large

Type
uint64
Category
required
Description

ips_badtcpsum

Type
uint64
Category
required
Description

ips_tcpsum_large

Type
uint64
Category
required
Description

ips_tooshort

Type
uint64
Category
required
Description

ips_toosmall

Type
uint64
Category
required
Description

ips_badhlen

Type
uint64
Category
required
Description

ips_badlen

Type
uint64
Category
required
Description

ips_fragments

Type
uint64
Category
required
Description

ips_fragdropped

Type
uint64
Category
required
Description

ips_fragtimeout

Type
uint64
Category
required
Description

ips_forward

Type
uint64
Category
required
Description

ips_fastforward

Type
uint64
Category
required
Description

ips_cantforward

Type
uint64
Category
required
Description

ips_redirectsent

Type
uint64
Category
required
Description

ips_noproto

Type
uint64
Category
required
Description

ips_delivered

Type
uint64
Category
required
Description

ips_localout

Type
uint64
Category
required
Description

ips_odropped

Type
uint64
Category
required
Description

ips_reassembled

Type
uint64
Category
required
Description

ips_fragmented

Type
uint64
Category
required
Description

ips_ofragments

Type
uint64
Category
required
Description

ips_cantfrag

Type
uint64
Category
required
Description

ips_badoptions

Type
uint64
Category
required
Description

ips_noroute

Type
uint64
Category
required
Description

ips_badvers

Type
uint64
Category
required
Description

ips_rawout

Type
uint64
Category
required
Description

ips_toolong

Type
uint64
Category
required
Description

ips_notmember

Type
uint64
Category
required
Description

ips_nogif

Type
uint64
Category
required
Description

ips_badaddr

Type
uint64
Category
required
Description

ips_badudpsum

Type
uint64
Category
required
Description

ips_udpsum_large

Type
uint64
Category
required
Description

Actions

API


    POST /api/serviceengine/&ltkey>/ipstat/clear

CLI


    clear serviceengine &ltkey> ipstat

ShMallocStatRuntime

API


    GET /api/serviceengine/&ltkey>/shmallocstats/&ltkey>

CLI


    show serviceengine &ltkey> shmallocstats

Data

ShMallocStatRuntime

se_uuid

Type
string
Category
optional
Description

sh_mallocstat_entry

Type
ShMallocStatEntry
Category
repeated
Description

ShMallocStatEntry

sh_malloc_type_name

Type
string
Category
required
Description

sh_malloc_type_cnt

Type
int32
Category
required
Description

sh_malloc_type_size

Type
uint64
Category
required
Description

sh_malloc_type_fail

Type
int32
Category
required
Description

SeAuthStatsRuntime

API


    GET /api/serviceengine/&ltkey>/seauthstats/&ltkey>

CLI


    show serviceengine &ltkey> seauthstats

Data

SeAuthStatsRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

auth_counter

Type
uint64
Category
optional
Description

auth_ignored_config

Type
uint64
Category
optional
Description

auth_unauthorized

Type
uint64
Category
optional
Description

auth_timed_out

Type
uint64
Category
optional
Description

auth_cached_allow

Type
uint64
Category
optional
Description

auth_cached_deny

Type
uint64
Category
optional
Description

auth_search_failed

Type
uint64
Category
optional
Description

auth_search_success

Type
uint64
Category
optional
Description

auth_group_failed

Type
uint64
Category
optional
Description

auth_group_success

Type
uint64
Category
optional
Description

auth_login_failed

Type
uint64
Category
optional
Description

auth_login_success

Type
uint64
Category
optional
Description

auth_internal_error

Type
uint64
Category
optional
Description

auth_waiting

Type
uint64
Category
optional
Description

Actions

API


    POST /api/serviceengine/&ltkey>/seauthstats/clear

CLI


    clear serviceengine &ltkey> seauthstats

ArpStatRuntime

API


    GET /api/serviceengine/&ltkey>/arpstat/&ltkey>
	Query Params: SeParamsFilter

CLI


    show serviceengine &ltkey> arpstat filter [primary_only] [disable_aggregate] [se_uuid] [all_se]

Data

ArpStatRuntime

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

txrequests

Type
uint64
Category
required
Description

txreplies

Type
uint64
Category
required
Description

rxrequests

Type
uint64
Category
required
Description

rxreplies

Type
uint64
Category
required
Description

received

Type
uint64
Category
required
Description

dropped

Type
uint64
Category
required
Description

timeouts

Type
uint64
Category
required
Description

dupips

Type
uint64
Category
required
Description

Actions

API


    POST /api/serviceengine/&ltkey>/arpstat/clear

CLI


    clear serviceengine &ltkey> arpstat

SeMicroService

API


    GET /api/serviceengine/&ltkey>/microservice/&ltkey>
	Query Params: SeMicroServiceFilter

CLI


    show serviceengine &ltkey> microservice filter [microservice_uuid] [container_key]

Data

SeMicroService

se_uuid

Type
string
Category
optional
Description

proc_id

Type
string
Category
optional
Description

services

Type
MicroServiceInternal
Category
repeated
Description

containers

Type
ContainerInternal
Category
repeated
Description

MicroServiceInternal

uuid

Type
string
Category
optional
Description

name

Type
string
Category
optional
Description

app_name

Type
string
Category
optional
Description

orchestrator_name

Type
string
Category
optional
Description

containers

Type
ContainerInternal
Category
repeated
Description

se_uuid

Type
string
Category
optional
Description

ip_list

Type
bool
Category
optional
Description

ContainerInternal

id

Type
string
Category
optional
Description

task_id

Type
string
Category
optional
Description

ip_addr

Type
string
Category
optional
Description

host

Type
string
Category
optional
Description

ports

Type
string
Category
optional
Description

name

Type
string
Category
optional
Description

nat_ip_addr

Type
string
Category
optional
Description

MetricsRuntimeDetail

API


    GET /api/serviceengine/&ltkey>/metrics/detail/&ltkey>
	Query Params: SeMetricsFilter	VsMetricsFilter

CLI


    show serviceengine &ltkey> metrics detail filter [se_uuid] [vs_uuid] [obj_id]

Data

MetricsRuntimeDetail

uuid

Type
string
Category
optional
Description

type

Type
enum
Category
optional
Description
Choices
VSERVER_METRICS_ENTITY, VM_METRICS_ENTITY, SE_METRICS_ENTITY, CONTROLLER_METRICS_ENTITY, APPLICATION_METRICS_ENTITY, TENANT_METRICS_ENTITY

se_stats

Type
SeStats
Category
optional
Description

base_vs_stats

Type
VsStats
Category
optional
Description

curr_vs_stats

Type
VsStats
Category
optional
Description

se_if_stats

Type
MetricsSeIfStats
Category
repeated
Description

user_metrics

Type
MetricsUserMetrics
Category
repeated
Description

SeStats

node_obj_id

Type
string
Category
required
Description

cpu_usage

Type
uint64
Category
optional
Description
cpu usage

mem_usage

Type
uint64
Category
optional
Description
physical memory usage

total_memory

Type
uint64
Category
optional
Description
actual physical memory in MB

packet_buffer_usage

Type
uint64
Category
optional
Description
total packet buffer usage

packet_buffer_size

Type
uint64
Category
optional
Description
total packet buffer memory in MB

packet_buffer_large_usage

Type
uint64
Category
optional
Description
large packet buffer usage

packet_buffer_small_usage

Type
uint64
Category
optional
Description
small packet buffer usage

packet_buffer_header_usage

Type
uint64
Category
optional
Description
packet buffer header usage

connection_table_size

Type
uint64
Category
optional
Description
Connection/flow table entries

synseen_entries_size

Type
uint64
Category
optional
Description
Synseen/flow table entries

persistent_table_size

Type
uint64
Category
optional
Description
session persistent table entries

persistent_table_usage

Type
uint64
Category
optional
Description
session persistent table entries percent

connection_dropped_persistence_table_limit

Type
uint64
Category
optional
Description
Number of times persistence table limit is reached

ssl_session_cache

Type
uint64
Category
optional
Description
ssl session cache

ssl_session_cache_usage

Type
uint64
Category
optional
Description
ssl session cache usage percent

num_vs

Type
uint64
Category
optional
Description
number of vs-s

syn_cache_usage

Type
uint64
Category
optional
Description
SYN cache usage. Higher usage indicates too many connection attempts and open at service engine.

rx_bytes_dropped

Type
uint64
Category
optional
Description
Total number of bytes of received packets dropped It includes packets across all VS and non VS

rx_pkts_dropped

Type
uint64
Category
optional
Description
Total number of rx_pkts dropped at SE. It includes packets across all VS and non VS

connection_policy_drops

Type
uint64
Category
optional
Description
Total number of rx_pkts dropped at SE due to policies configured in VS eg. security policy, rate limits connection limit, bandwidth limit etc.

connections

Type
uint64
Category
optional
Description
Total number of connections including the dropped connections and ones due to policy drops. This would be same as number of SYNS seen by SE on any VS

connections_dropped

Type
uint64
Category
optional
Description
Total number of connections dropped excluding the dropped connections and ones due to policy drops. This would be same as number of SYNS seen by SE on any VS. It include both connections that failed to establish

dos_rx_bytes

Type
uint64
Category
optional
Description
Received dos attack bytes

dos_tx_bytes

Type
uint64
Category
optional
Description
Transmitted dos attack bytes

eth0_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth0_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth0_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth0_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth0_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 0

eth0_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 0

eth0_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 0

eth0_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 0

eth0_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth0_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth0_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth0_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth0_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 0

eth1_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth1_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth1_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth1_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth1_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 1

eth1_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 1

eth1_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 1

eth1_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 1

eth1_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth1_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth1_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth1_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth1_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 1

eth2_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth2_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth2_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth2_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth2_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 2

eth2_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 2

eth2_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 2

eth2_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 2

eth2_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth2_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth2_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth2_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth2_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 2

eth3_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth3_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth3_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth3_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth3_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 3

eth3_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 3

eth3_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 3

eth3_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 3

eth3_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth3_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth3_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth3_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth3_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 3

eth4_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth4_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth4_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth4_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth4_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 4

eth4_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 4

eth4_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 4

eth4_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 4

eth4_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth4_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth4_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth4_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth4_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 4

eth5_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth5_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth5_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth5_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth5_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 5

eth5_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 5

eth5_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 5

eth5_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 5

eth5_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth5_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth5_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth5_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth5_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 5

eth6_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth6_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth6_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth6_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth6_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 6

eth6_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 6

eth6_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 6

eth6_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 6

eth6_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth6_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth6_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth6_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth6_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 6

eth7_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth7_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth7_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth7_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth7_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 7

eth7_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 7

eth7_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 7

eth7_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 7

eth7_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth7_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth7_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth7_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth7_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 7

eth8_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth8_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth8_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth8_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth8_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 8

eth8_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 8

eth8_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 8

eth8_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 8

eth8_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth8_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth8_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth8_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth8_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 8

eth9_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth9_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth9_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth9_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth9_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 9

eth9_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 9

eth9_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 9

eth9_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 9

eth9_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth9_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth9_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth9_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth9_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 9

eth10_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth10_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth10_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth10_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth10_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 0

eth10_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 0

eth10_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 0

eth10_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 0

eth10_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth10_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth10_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth10_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth10_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 0

eth11_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth11_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth11_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth11_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth11_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 1

eth11_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 1

eth11_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 1

eth11_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 1

eth11_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth11_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth11_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth11_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth11_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 1

eth12_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth12_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth12_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth12_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth12_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 2

eth12_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 2

eth12_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 2

eth12_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 2

eth12_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth12_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth12_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth12_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth12_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 2

eth13_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth13_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth13_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth13_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth13_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 3

eth13_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 3

eth13_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 3

eth13_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 3

eth13_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth13_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth13_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth13_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth13_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 3

eth14_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth14_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth14_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth14_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth14_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 4

eth14_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 4

eth14_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 4

eth14_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 4

eth14_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth14_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth14_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth14_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth14_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 4

eth15_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth15_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth15_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth15_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth15_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 5

eth15_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 5

eth15_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 5

eth15_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 5

eth15_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth15_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth15_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth15_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth15_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 5

eth16_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth16_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth16_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth16_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth16_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 6

eth16_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 6

eth16_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 6

eth16_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 6

eth16_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth16_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth16_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth16_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth16_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 6

eth17_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth17_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth17_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth17_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth17_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 7

eth17_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 7

eth17_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 7

eth17_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 7

eth17_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth17_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth17_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth17_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth17_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 7

eth18_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth18_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth18_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth18_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth18_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 8

eth18_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 8

eth18_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 8

eth18_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 8

eth18_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth18_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth18_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth18_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth18_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 8

eth19_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth19_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth19_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth19_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth19_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 9

eth19_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 9

eth19_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 9

eth19_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 9

eth19_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth19_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth19_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth19_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth19_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 9

eth20_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth20_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth20_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth20_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth20_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 0

eth20_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 0

eth20_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 0

eth20_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 0

eth20_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth20_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth20_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth20_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth20_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 0

eth21_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth21_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth21_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth21_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth21_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 1

eth21_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 1

eth21_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 1

eth21_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 1

eth21_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth21_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth21_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth21_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth21_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 1

eth22_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth22_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth22_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth22_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth22_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 2

eth22_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 2

eth22_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 2

eth22_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 2

eth22_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth22_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth22_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth22_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth22_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 2

eth23_rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

eth23_rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

eth23_rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

eth23_tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

eth23_rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface 3

eth23_tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface 3

eth23_rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface 3

eth23_tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface 3

eth23_connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

eth23_syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

eth23_connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

eth23_connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

eth23_max_bw

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface 3

disk1_usage

Type
uint64
Category
optional
Description
Disk usage percent

connection_mem_usage

Type
uint64
Category
optional
Description
Percentage of connection memory used

connection_mem_total

Type
uint64
Category
optional
Description
Max connection memory in MB

packet_dropped_packet_buffer_stressed

Type
uint64
Category
optional
Description
Packet is dropped because our packet buffers are under stress

connection_dropped_packet_buffer_stressed

Type
uint64
Category
optional
Description
Connection is dropped because our packet buffer are under stress

packet_buffer_allocation_failure

Type
uint64
Category
optional
Description
Packet buffer allocation failed.

connection_dropped_memory_limit

Type
uint64
Category
optional
Description
Connection is dropped because memory allocation failed is reached

cache_object_allocation_failure

Type
uint64
Category
optional
Description
Number of times cacheable objects were dropped due to memory allocation failure

dos_land

Type
uint64
Category
optional
Description
DoS attack: Land

dos_smurf

Type
uint64
Category
optional
Description
DoS attack: Smurf

dos_icmp_flood

Type
uint64
Category
optional
Description
DoS attack: Icmp Ping Flood

dos_unknown_protocol

Type
uint64
Category
optional
Description
DoS attack: Unknown Protocol

dos_teardrop

Type
uint64
Category
optional
Description
DoS attack: Teardrop

dos_ip_frag_overrun

Type
uint64
Category
optional
Description
DoS attack: Ip Fragmentation Overrun

dos_ip_frag_toosmall

Type
uint64
Category
optional
Description
DoS attack: Ip Fragmentation Too Small

dos_ip_frag_full

Type
uint64
Category
optional
Description
DoS attack: Ip Fragmentation Full

dos_ip_frag_incomplete

Type
uint64
Category
optional
Description
DoS attack: Ip Fragmentation Incomplete

dos_port_scan

Type
uint64
Category
optional
Description
DoS attack: Port Scan

dos_tcp_non_syn_flood

Type
uint64
Category
optional
Description
DoS attack: Non Syn Flood

VsStats

bel4stats

Type
ServerL4Stats
Category
repeated
Description

fel4stats

Type
VserverL4Stats
Category
repeated
Description

bel7stats

Type
ServerL7Stats
Category
repeated
Description

fel7stats

Type
VserverL7Stats
Category
repeated
Description

dns_stats

Type
VserverDNSStats
Category
repeated
Description

ServerL4Stats

node_obj_id

Type
string
Category
required
Description

conn_duration

Type
uint64
Category
required
Description

dup_ack_retransmits

Type
uint64
Category
required
Description

sack_retransmits

Type
uint64
Category
required
Description

timeout_retransmits

Type
uint64
Category
required
Description

out_of_orders

Type
uint64
Category
required
Description

syns_sent

Type
uint64
Category
required
Description

new_established_conns

Type
uint64
Category
required
Description

complete_conns

Type
uint64
Category
required
Description

finished_conns

Type
uint64
Category
required
Description

open_conns

Type
uint64
Category
required
Description

connections_dropped

Type
uint64
Category
required
Description

lossy_connections

Type
uint64
Category
required
Description

errored_connections

Type
uint64
Category
required
Description

rx_pkts

Type
uint64
Category
required
Description

rx_bytes

Type
uint64
Category
required
Description

tx_pkts

Type
uint64
Category
required
Description

tx_bytes

Type
uint64
Category
required
Description

tx_goodput

Type
uint64
Category
required
Description

rx_goodput

Type
uint64
Category
required
Description

rx_pkts_absolute

Type
uint64
Category
required
Description

rx_bytes_absolute

Type
uint64
Category
required
Description

tx_pkts_absolute

Type
uint64
Category
required
Description

tx_bytes_absolute

Type
uint64
Category
required
Description

rx_zero_window_size_events

Type
uint64
Category
required
Description

rx_tcp_resets

Type
uint64
Category
required
Description

connection_setup_time

Type
uint64
Category
required
Description

rtt

Type
uint64
Category
required
Description

rtt_valid_connections

Type
uint64
Category
required
Description

server_uptime

Type
uint64
Category
required
Description

num_state_changes

Type
uint64
Category
required
Description

health_check_failures

Type
uint64
Category
required
Description
Default
0

health_status

Type
uint64
Category
required
Description
Default
0

conn_dropped_before_syn_sent

Type
uint64
Category
required
Description

conn_dropped_before_est

Type
uint64
Category
required
Description

conn_dropped_after_est

Type
uint64
Category
required
Description

lb_fail_count

Type
uint64
Category
required
Description
Number of times load balancing failed

server_count

Type
uint64
Category
required
Description

lossy_req

Type
uint64
Category
optional
Description

tx_zero_window_size_events

Type
uint64
Category
optional
Description

capacity

Type
uint64
Category
optional
Description
This reflects capacity of the servers as measured from SE as C_i.

available_capacity

Type
uint64
Category
optional
Description
This reflects available capacity of the servers as measured from SE as C_i - L_i.

est_capacity

Type
uint64
Category
optional
Description
This reflects capacity of the servers as measured from SE as C_i.

VserverL4Stats

node_obj_id

Type
string
Category
required
Description

dup_ack_retransmits

Type
uint64
Category
required
Description

sack_retransmits

Type
uint64
Category
required
Description

timeout_retransmits

Type
uint64
Category
required
Description

out_of_orders

Type
uint64
Category
required
Description

syns

Type
uint64
Category
required
Description

new_established_conns

Type
uint64
Category
required
Description

complete_conns

Type
uint64
Category
required
Description

finished_conns

Type
uint64
Category
required
Description

open_conns

Type
uint64
Category
required
Description

connections_dropped

Type
uint64
Category
required
Description

lossy_connections

Type
uint64
Category
required
Description

errored_connections

Type
uint64
Category
required
Description

policy_drops

Type
uint64
Category
optional
Description
Rate of total connections dropped due to VS policy per second. It includes drops due to rate limits, security policy drops, connection limits etc.

rx_pkts

Type
uint64
Category
required
Description

rx_bytes

Type
uint64
Category
required
Description

tx_pkts

Type
uint64
Category
required
Description

tx_bytes

Type
uint64
Category
required
Description

rx_pkts_absolute

Type
uint64
Category
required
Description

rx_bytes_absolute

Type
uint64
Category
required
Description

tx_pkts_absolute

Type
uint64
Category
required
Description

tx_bytes_absolute

Type
uint64
Category
required
Description

end_to_end_rtt

Type
uint64
Category
required
Description

end_to_end_rtt_bucket1

Type
uint64
Category
required
Description

end_to_end_rtt_bucket2

Type
uint64
Category
required
Description

conn_duration

Type
uint64
Category
required
Description

zero_window_size_events

Type
uint64
Category
required
Description

server_flow_control

Type
uint64
Category
required
Description

rtt_valid_connections

Type
uint64
Category
required
Description

conn_dropped_before_est

Type
uint64
Category
required
Description

conn_dropped_after_est

Type
uint64
Category
required
Description

connection_dropped_user_limit

Type
uint64
Category
required
Description
Number of times connection limit is reached

packet_dropped_user_bandwidth_limit

Type
uint64
Category
required
Description
Number of times bandwidth limit is reached

dos_syn_flood

Type
uint64
Category
required
Description
DoS attack: Syn Flood

dos_bad_rst_flood

Type
uint64
Category
required
Description
DoS attack: Bad Rst Flood

dos_malformed_flood

Type
uint64
Category
required
Description
DoS attack: Malformed Packet Flood

dos_fake_session

Type
uint64
Category
required
Description
DoS attack: Fake Session

dos_zero_window_stress

Type
uint64
Category
required
Description
DoS attack: Zero Window Stress

dos_small_window_stress

Type
uint64
Category
required
Description
DoS attack: Small Window Stress

dos_http_timeout

Type
uint64
Category
required
Description
DoS attack: HTTP Timeout

dos_http_error

Type
uint64
Category
required
Description
DoS attack: HTTP Error

dos_http_abort

Type
uint64
Category
required
Description
DoS attack: HTTP Abort

dos_ssl_error

Type
uint64
Category
required
Description
DoS attack: HTTP SSL Error

dos_app_error

Type
uint64
Category
required
Description
DoS attack: HTTP App Error

dos_rx_bytes

Type
uint64
Category
optional
Description
DoS attack: RX bandwidth

dos_tx_bytes

Type
uint64
Category
optional
Description
DoS attack: TX bandwidth

dos_total_req

Type
uint64
Category
optional
Description
Total request used for l7 dos normalization

dos_req

Type
uint64
Category
optional
Description
Requests considered as DoS

dos_conn

Type
uint64
Category
optional
Description
Connecitons considered as DoS

dos_non_syn_flood

Type
uint64
Category
optional
Description
DoS attack: Non SYN packet flood

dos_slow_uri

Type
uint64
Category
optional
Description
DoS attack: Slow Uri

dos_conn_rl_drop

Type
uint64
Category
optional
Description
Connections dropped due to VS rate limit

dos_req_rl_drop

Type
uint64
Category
optional
Description
Requests dropped due to VS rate limit

dos_conn_ip_rl_drop

Type
uint64
Category
optional
Description
Connections dropped due to IP rate limit

dos_req_ip_rl_drop

Type
uint64
Category
optional
Description
Requests dropped due to source IP rate limit

dos_req_uri_rl_drop

Type
uint64
Category
optional
Description
Requests dropped due to URI rate limit

dos_req_ip_uri_rl_drop

Type
uint64
Category
optional
Description
Requeats dropped due to IP&URI rate limit

dos_req_ip_rl_drop_bad

Type
uint64
Category
optional
Description
Requests dropped due to source IP rate limit for bad requests

dos_req_uri_rl_drop_bad

Type
uint64
Category
optional
Description
Requests dropped due to URI rate limit for bad requests

dos_req_ip_uri_rl_drop_bad

Type
uint64
Category
optional
Description
Requeats dropped due to IP&URI rate limit for bad requests

dos_req_ip_scan_bad_rl_drop

Type
uint64
Category
optional
Description
Requests dropped due to bad IP rate limit

dos_req_ip_scan_unknown_rl_drop

Type
uint64
Category
optional
Description
Requests dropped due to unknown IP rate limit

dos_req_uri_scan_bad_rl_drop

Type
uint64
Category
optional
Description
Requests dropped due to bad URI rate limit

dos_req_uri_scan_unknown_rl_drop

Type
uint64
Category
optional
Description
Requests dropped due to unknown URI rate limit

dos_req_hdr_rl_drop

Type
uint64
Category
optional
Description
Requests dropped due to header or cookie rate limit

lossy_req

Type
uint64
Category
optional
Description
Total request used for l7 dos normalization

rx_pkts_dropped

Type
uint64
Category
optional
Description
Number of packets dropped by virtual service. Include policy drops

rx_bytes_dropped

Type
uint64
Category
optional
Description
Number of bytes dropped by virtual service due to policy

pkts_policy_drops

Type
uint64
Category
optional
Description
Number of pkts dropped by virtual service due to policy like l4 security connection limits, rate limits

bytes_policy_drops

Type
uint64
Category
optional
Description
Number of bytes dropped by virtual service due to policy like l4 security connection limits, rate limits

num_active_se

Type
uint64
Category
optional
Description
Number of active SEs

ServerL7Stats

node_obj_id

Type
string
Category
required
Description

get_reqs

Type
uint64
Category
required
Description

post_reqs

Type
uint64
Category
required
Description

other_reqs

Type
uint64
Category
required
Description

finished_sessions

Type
uint64
Category
required
Description

reqs_finished_sessions

Type
uint64
Category
required
Description

concurrent_sessions

Type
uint64
Category
required
Description

resp_1xx

Type
uint64
Category
required
Description

resp_2xx

Type
uint64
Category
required
Description

resp_3xx

Type
uint64
Category
required
Description

resp_4xx

Type
uint64
Category
required
Description

resp_4xx_errors

Type
uint64
Category
required
Description

resp_5xx

Type
uint64
Category
required
Description

resp_5xx_errors

Type
uint64
Category
required
Description

get_resp_latency_bucket1

Type
uint64
Category
required
Description

get_resp_latency_bucket2

Type
uint64
Category
required
Description

post_resp_latency_bucket1

Type
uint64
Category
required
Description

post_resp_latency_bucket2

Type
uint64
Category
required
Description

other_resp_latency_bucket1

Type
uint64
Category
required
Description

other_resp_latency_bucket2

Type
uint64
Category
required
Description

get_resp_latency

Type
uint64
Category
required
Description

post_resp_latency

Type
uint64
Category
required
Description

other_resp_latency

Type
uint64
Category
required
Description

timeouts

Type
uint64
Category
required
Description

total_requests

Type
uint64
Category
required
Description

complete_responses

Type
uint64
Category
required
Description

total_responses

Type
uint64
Category
required
Description

application_response_time

Type
uint64
Category
required
Description

error_responses

Type
uint64
Category
required
Description

lb_fail_count

Type
uint64
Category
required
Description
Number of times load balancing failed

server_count

Type
uint64
Category
required
Description

VserverL7Stats

node_obj_id

Type
string
Category
required
Description

get_reqs

Type
uint64
Category
required
Description

post_reqs

Type
uint64
Category
required
Description

other_reqs

Type
uint64
Category
required
Description

finished_sessions

Type
uint64
Category
required
Description

reqs_finished_sessions

Type
uint64
Category
required
Description

concurrent_sessions

Type
uint64
Category
required
Description

resp_1xx

Type
uint64
Category
required
Description

resp_2xx

Type
uint64
Category
required
Description

resp_3xx

Type
uint64
Category
required
Description

resp_4xx

Type
uint64
Category
required
Description

resp_4xx_avi_errors

Type
uint64
Category
required
Description

resp_5xx

Type
uint64
Category
required
Description

resp_5xx_avi_errors

Type
uint64
Category
required
Description

get_client_txn_latency_bucket1

Type
uint64
Category
required
Description

get_client_txn_latency_bucket2

Type
uint64
Category
required
Description

post_client_txn_latency_bucket1

Type
uint64
Category
required
Description

post_client_txn_latency_bucket2

Type
uint64
Category
required
Description

other_client_txn_latency_bucket1

Type
uint64
Category
required
Description

other_client_txn_latency_bucket2

Type
uint64
Category
required
Description

total_requests

Type
uint64
Category
required
Description

complete_responses

Type
uint64
Category
required
Description

total_responses

Type
uint64
Category
required
Description

error_responses

Type
uint64
Category
required
Description

get_client_txn_latency

Type
uint64
Category
required
Description

post_client_txn_latency

Type
uint64
Category
required
Description

other_client_txn_latency

Type
uint64
Category
required
Description

client_data_transfer_time

Type
uint64
Category
required
Description

cache_hits

Type
uint64
Category
required
Description

cache_bytes

Type
uint64
Category
required
Description

cacheable_hits

Type
uint64
Category
required
Description

cacheable_bytes

Type
uint64
Category
required
Description

pre_compression_bytes

Type
uint64
Category
required
Description

post_compression_bytes

Type
uint64
Category
required
Description

saved_compression_bytes

Type
uint64
Category
required
Description

compressed_reqs

Type
uint64
Category
required
Description

compressed_at_origin_reqs

Type
uint64
Category
required
Description

compressible_reqs

Type
uint64
Category
required
Description

compression_skipped_reqs

Type
uint64
Category
required
Description

rum_active_sampled_reqs

Type
uint64
Category
required
Description

rum_passive_sampled_reqs

Type
uint64
Category
required
Description

rum_not_sampled_reqs

Type
uint64
Category
required
Description

rum_failed_sampled_reqs

Type
uint64
Category
required
Description

ssl_handshakes_new

Type
uint64
Category
required
Description

ssl_handshakes_reused

Type
uint64
Category
required
Description

ssl_handshake_protocol_errors

Type
uint64
Category
required
Description

ssl_handshake_network_errors

Type
uint64
Category
required
Description

ssl_handshakes_timedout

Type
uint64
Category
required
Description

ssl_ver_ssl30

Type
uint64
Category
required
Description

ssl_ver_tls10

Type
uint64
Category
required
Description

ssl_ver_tls11

Type
uint64
Category
required
Description

ssl_ver_tls12

Type
uint64
Category
required
Description

ssl_auth_rsa

Type
uint64
Category
required
Description

ssl_auth_ecdsa

Type
uint64
Category
required
Description

ssl_auth_dsa

Type
uint64
Category
required
Description

ssl_kx_rsa

Type
uint64
Category
required
Description

ssl_kx_dh

Type
uint64
Category
required
Description

ssl_kx_ecdh

Type
uint64
Category
required
Description

ssl_enc_rc4

Type
uint64
Category
required
Description

ssl_enc_3des

Type
uint64
Category
required
Description

ssl_enc_aes128

Type
uint64
Category
required
Description

ssl_enc_aes256

Type
uint64
Category
required
Description

ssl_mac_md5

Type
uint64
Category
required
Description

ssl_mac_sha1

Type
uint64
Category
required
Description

ssl_mac_sha256

Type
uint64
Category
required
Description

ssl_mac_sha384

Type
uint64
Category
required
Description

ssl_mac_aead

Type
uint64
Category
required
Description

client_close_error

Type
uint64
Category
optional
Description

application_error

Type
uint64
Category
optional
Description

timeout_error

Type
uint64
Category
optional
Description

no_available_pool_error

Type
uint64
Category
optional
Description

conn_accept_error

Type
uint64
Category
optional
Description

server_timeout_error

Type
uint64
Category
optional
Description

persist_change

Type
uint64
Category
optional
Description

lb_failure_error

Type
uint64
Category
optional
Description

server_connect_error

Type
uint64
Category
optional
Description

internal_error

Type
uint64
Category
optional
Description

ssl_handshakes_pfs

Type
uint64
Category
optional
Description

ssl_rsa_pfs

Type
uint64
Category
optional
Description

ssl_ecdsa_pfs

Type
uint64
Category
optional
Description

ssl_open_sessions

Type
uint64
Category
optional
Description

VserverDNSStats

node_obj_id

Type
string
Category
required
Description

req_type_a

Type
uint64
Category
required
Description

req_type_aaaa

Type
uint64
Category
required
Description

req_type_ns

Type
uint64
Category
optional
Description

req_type_srv

Type
uint64
Category
optional
Description

req_type_mx

Type
uint64
Category
optional
Description

req_type_other

Type
uint64
Category
optional
Description

resp_type_a

Type
uint64
Category
optional
Description

resp_type_aaaa

Type
uint64
Category
optional
Description

resp_type_ns

Type
uint64
Category
optional
Description

resp_type_srv

Type
uint64
Category
optional
Description

resp_type_cname

Type
uint64
Category
optional
Description

resp_type_mx

Type
uint64
Category
optional
Description

resp_type_other

Type
uint64
Category
optional
Description

invalid_queries

Type
uint64
Category
optional
Description

domain_lookup_failures

Type
uint64
Category
optional
Description

unsupported_queries

Type
uint64
Category
optional
Description

udp_passthrough_queries

Type
uint64
Category
optional
Description

tcp_passthrough_queries

Type
uint64
Category
optional
Description

gslbpool_member_not_available

Type
uint64
Category
optional
Description

local_responses

Type
uint64
Category
optional
Description
Number of responses made by the Avi Load balancer from it's DNS table

udp_passthrough_errors

Type
uint64
Category
optional
Description
UDP passthrough errored queries - Avi sent errors or dropped requests when server timed out, had a port unreachable or responded with an error

local_nxdomains

Type
uint64
Category
optional
Description
Number of NXdomain responses made by the Avi Load balancer for entries not found in it's dns table

udp_queries

Type
uint64
Category
optional
Description
Number of UDP queries

tcp_queries

Type
uint64
Category
optional
Description
Number of TCP queries

errored_queries

Type
uint64
Category
optional
Description
Total number of errored queries

udp_passthrough_resp_time

Type
uint64
Category
optional
Description
Total time taken for DNS responses

tcp_passthrough_errors

Type
uint64
Category
optional
Description
TCP passthrough errored queries - Avi sent errors or dropped requests when server timed out, had a port unreachable or responded with an error

MetricsSeIfStats

node_obj_id

Type
string
Category
required
Description

rx_pkts_dropped_non_vs

Type
uint64
Category
optional
Description
Received packets dropped

rx_bytes_dropped_non_vs

Type
uint64
Category
optional
Description
Received bytes dropped

rx_pkts

Type
uint64
Category
optional
Description
Average received packets per second

tx_pkts

Type
uint64
Category
optional
Description
Average transmit packets per second

rx_bytes

Type
uint64
Category
optional
Description
Received bytes from service engine interface

tx_bytes

Type
uint64
Category
optional
Description
Transmitted bytes to service engine interface

rx_bytes_absolute

Type
uint64
Category
optional
Description
Received bytes(absolute) from service engine interface

tx_bytes_absolute

Type
uint64
Category
optional
Description
Transmitted bytes(absolute) to service engine interface

connection_table_usage

Type
uint64
Category
optional
Description
connection table usage. If it is full/high then it is experiencing DoS

syn_seen_entries_usage

Type
uint64
Category
optional
Description
Percentage of syn seen entries currently used. If it is high then it is experiencing DoS

connection_dropped_table_limit

Type
uint64
Category
optional
Description
Number of times flowtable entries limit is reached

connection_dropped_syn_seen_limit

Type
uint64
Category
optional
Description
Number of times flowtable syn seen entry limit is reached

peak_bandwidth

Type
uint64
Category
optional
Description
Maximum bandwidth seen on service engine interface

MetricsUserMetrics

node_obj_id

Type
string
Category
required
Description

counter

Type
uint64
Category
optional
Description
User defined (via datascript) metrics reported as monotonically increasing counter

SeAgentVnicDBRuntime

API


    GET /api/serviceengine/&ltkey>/vnicdb/&ltkey>

CLI


    show serviceengine &ltkey> vnicdb

Data

SeAgentVnicDBRuntime

se_uuid

Type
string
Category
optional
Description

num_vnics

Type
int32
Category
optional
Description

initial_vnic_discovery_done

Type
bool
Category
optional
Description

initial_sync_with_dataplane_done

Type
bool
Category
optional
Description

dp_replay_pending

Type
bool
Category
optional
Description

vnic

Type
SeAgentVnicRuntime
Category
repeated
Description

vrf

Type
SeAgentVrfRuntime
Category
repeated
Description

SeAgentVnicRuntime

if_name

Type
string
Category
required
Description

linux_name

Type
string
Category
required
Description

mac_address

Type
string
Category
required
Description

pci_id

Type
string
Category
required
Description

mtu

Type
int32
Category
optional
Description

dhcp_enabled

Type
bool
Category
required
Description

enabled

Type
bool
Category
required
Description

connected

Type
bool
Category
required
Description

network_uuid

Type
string
Category
optional
Description

nw

Type
SeAgentVnicNwRuntime
Category
repeated
Description

is_mgmt

Type
bool
Category
optional
Description

is_complete

Type
bool
Category
optional
Description

avi_internal_network

Type
bool
Category
optional
Description

enabled_flag

Type
bool
Category
optional
Description

running_flag

Type
bool
Category
optional
Description

pushed_to_dataplane

Type
bool
Category
optional
Description

consumed_by_dataplane

Type
bool
Category
optional
Description

pushed_to_controller

Type
bool
Category
optional
Description

can_se_dp_takeover

Type
bool
Category
optional
Description

vrf_ref

Type
Reference to VrfContext
Category
optional
Description

vrf_id

Type
uint32
Category
optional
Description

SeAgentVnicNwRuntime

ip

Type
IpAddrPrefix
Category
required
Description

mode

Type
enum
Category
required
Description
Choices
DHCP, STATIC, VIP, DOCKER_HOST

ref_cnt

Type
int32
Category
optional
Description

SeAgentVrfRuntime

vrf_context

Type
VrfContext
Category
required
Description

vrf_id

Type
int32
Category
required
Description

ns_created

Type
bool
Category
required
Description

ns

Type
string
Category
required
Description

vnic

Type
SeAgentVnicRuntime
Category
repeated
Description

route

Type
SeAgentRoute
Category
repeated
Description

default_gw

Type
string
Category
optional
Description

previous_default_gw

Type
string
Category
optional
Description

VrfContext

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

static_routes

Type
StaticRoute
Category
repeated
Description

bgp_profile

Type
BgpProfile
Category
optional
Description
Bgp Local and Peer Info

system_default

Type
bool
Category
optional,readonly
Description
Default
False

gateway_mon

Type
GatewayMonitor
Category
repeated
Description
Configure ping based heartbeat check for gateway in service engines of vrf.

internal_gateway_monitor

Type
InternalGatewayMonitor
Category
optional
Description
Configure ping based heartbeat check for all default gateways in service engines of vrf.

debugvrfcontext

Type
DebugVrfContext
Category
optional
Description
Configure debug flags for VRF

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
optional
Description

cloud_ref

Type
Reference to Cloud
Category
optional
Description
Default
/api/cloud?name=Default-Cloud

StaticRoute

prefix

Type
IpAddrPrefix
Category
required
Description

next_hop

Type
IpAddr
Category
required
Description

if_name

Type
string
Category
optional
Description

route_id

Type
string
Category
required
Description

disable_gateway_monitor

Type
bool
Category
optional
Description
Disable the gateway monitor for default gateway. They are monitored by default.

BgpProfile

local_as

Type
uint32
Category
required
Description
Local Autonomous System ID

ibgp

Type
bool
Category
required
Description
BGP peer type
Default
True

peers

Type
BgpPeer
Category
repeated
Description
BGP Peers

keepalive_interval

Type
uint32
Category
optional
Description
Keepalive interval for Peers
Default
60

hold_time

Type
uint32
Category
optional
Description
Hold time for Peers
Default
180

send_community

Type
bool
Category
optional
Description
Send community attribute to all peers
Default
True

community

Type
string
Category
repeated
Description
Set the community attribute - "internet", "local-AS", "no-advertise", "no-export", : One or more of these can be configured with 1 <= AS,Val <= 65535

BgpPeer

remote_as

Type
uint32
Category
optional
Description
Peer Autonomous System ID
Default
1

peer_ip

Type
IpAddr
Category
required
Description
IP Address of the BGP Peer

subnet

Type
IpAddrPrefix
Category
required
Description
Subnet providing reachability for Peer

md5_secret

Type
string
Category
optional
Description
Peer Autonomous System Md5 Digest Secret Key

bfd

Type
bool
Category
optional
Description
Enable Bi-Directional Forward Detection. Only async mode supported.
Default
True

network_uuid

Type
string
Category
optional
Description
Network providing reachability for Peer
Default

advertise_vip

Type
bool
Category
optional
Description
Advertise VIP to this Peer
Default
True

advertise_snat_ip

Type
bool
Category
optional
Description
Advertise SNAT IP to this Peer
Default
True

advertisement_interval

Type
uint32
Category
optional
Description
Advertisement interval for this Peer
Default
5

connect_timer

Type
uint32
Category
optional
Description
Connect timer for this Peer
Default
10

keepalive_interval

Type
uint32
Category
optional
Description
Keepalive interval for this Peer
Default
60

hold_time

Type
uint32
Category
optional
Description
Hold time for this Peer
Default
180

GatewayMonitor

gateway_ip

Type
IpAddr
Category
required
Description
IP address of next hop gateway to be monitored

gateway_monitor_interval

Type
uint32
Category
optional
Description
The interval between two ping requests sent by the gateway monitor in milliseconds. If a value is not specified, requests are sent every second.
Default
1000

gateway_monitor_fail_threshold

Type
uint32
Category
optional
Description
The number of consecutive failed gateway health checks before a gateway is marked down.
Default
10

gateway_monitor_success_threshold

Type
uint32
Category
optional
Description
The number of consecutive successful gateway health checks before a gateway that was marked down by the gateway monitor is marked up.
Default
15

InternalGatewayMonitor

gateway_monitor_interval

Type
uint32
Category
optional
Description
The interval between two ping requests sent by the gateway monitor in milliseconds. If a value is not specified, requests are sent every second.
Default
1000

gateway_monitor_failure_threshold

Type
uint32
Category
optional
Description
The number of consecutive failed gateway health checks before a gateway is marked down.
Default
10

gateway_monitor_success_threshold

Type
uint32
Category
optional
Description
The number of consecutive successful gateway health checks before a gateway that was marked down by the gateway monitor is marked up.
Default
15

disable_gateway_monitor

Type
bool
Category
optional