You can create an IP Set (an IP address group) and then add this group as the source or destination in a firewall rule. Such a rule can help protect physical machines from virtual machines or vice versa. Additionally, you can update and delete IP Sets by using the API.

1. Log in to vCloud Air as an administrator. See Log in to vCloud Air for information.

2. Create a login session with vCloud Director. See Create a Session for a Virtual Data Center in a Service for information.

1. To get the details about the IP Sets configured for an edge gateway, issue the following request:

GET https://vchs.vmware.com/hybridity/api/scope/scopeId/ipsets/[ipsetId]

In the request header, include the OATH token and the Accept header that you obtained when creating a login session:

Accept: application/json
Content-Type: application/json
X-Vcloud-Authorization: vcloud-auth-token

If the request is successful, the server returns HTTP response code 200 and the details of the IP Set configuration.

2. To create an IP Set, submit the following POST request:

POST https://vchs.vmware.com/hybridity/api/scope/scopeId/ipsets

In the request header, include the OATH token and the Accept header that you obtained when creating a login session:

Accept: application/json
Content-Type: application/json
X-Vcloud-Authorization: vcloud-auth-token

Include the following elements in the request body:

{
  "objectId": "string",
  "revision": number,
  "name": "string",
  "description": "string",
  "scope": [ {
      "id": "string",
      "name": "string",
      "objectType": "string"
    } ],
  "value": "string"
}

For a description of each element, see Schema for IP Sets and MAC Sets.

3. To delete an IP Set, issue the following DELETE request. (Include the IP Set ID you obtained in the previous step.)

DELETE https://vchs.vmware.com/hybridity/api/scope/scopeId/ipsets/ipsetId

In the request header, include the OATH token and the Accept header that you obtained when creating a login session.

The server returns status 204 NO CONTENT in the response header. The server does not return a response body.

Add the IP Set to the configuration for the edge gateway firewall, the distributed firewall, and the server pool for the load balancer.
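
The following is an added example, not part of the original documentation: it validates the entries of an IP Set before building the POST request from step 2, so that a typo or an overly broad block does not end up as the source or destination of a firewall rule. It assumes that "value" is a comma-separated list of addresses and CIDR blocks and that name, description and value are sufficient in the body; the function names and the /8 policy threshold are hypothetical.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

BASE = "https://vchs.vmware.com/hybridity/api/scope"  # endpoint prefix shown on this page


def normalize_value(entries, min_prefix=8):
    """Return the "value" string for an IP Set after validating every entry.

    Assumption: "value" is a comma-separated list of addresses and CIDR blocks.
    min_prefix is a hypothetical local policy: anything broader is refused.
    """
    cleaned = []
    for entry in entries:
        # strict=True rejects typos such as 10.0.0.5/24 (host bits set).
        net = ipaddress.ip_network(entry.strip(), strict=True)
        if net.prefixlen < min_prefix:
            raise ValueError(f"{entry!r} is broader than /{min_prefix}")
        single = net.prefixlen == net.max_prefixlen
        cleaned.append(str(net.network_address) if single else str(net))
    return ",".join(dict.fromkeys(cleaned))  # drop duplicates, keep order


def build_create_request(scope_id, token, name, description, entries):
    """Build (but do not send) the POST request that creates an IP Set."""
    body = {
        "name": name,
        "description": description,
        "value": normalize_value(entries),
    }
    # Percent-encode the scope ID so it cannot alter the request path.
    url = f"{BASE}/{urllib.parse.quote(scope_id, safe='')}/ipsets"
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-Vcloud-Authorization": token,  # session token from the login step
    }
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), headers=headers, method="POST"
    )


if __name__ == "__main__":
    # Constructed sample input; the scope ID and token are placeholders.
    req = build_create_request(
        "SCOPE-ID-PLACEHOLDER", "TOKEN-PLACEHOLDER", "web-tier",
        "Web servers", ["10.1.0.0/16", "192.168.1.10"],
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the returned object to `urllib.request.urlopen` to send it; keep the token out of any request logging.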