To change the configuration of a vApp network, you retrieve the NetworkConfigSection element of the vApp, modify it, and use it with a PUT request to update the section.

Prerequisites

This operation requires the rights included in the predefined vApp Author role or an equivalent set of rights.

Procedure

  1. Retrieve the vApp's NetworkConfigSection.
  2. Modify the returned NetworkConfigSection as needed.

    Request bodies must contain all required elements and attributes, even if you are not changing their values. Because optional elements and attributes typically revert to default values if they are omitted or empty, it is a best practice to include optional elements in request bodies that modify existing objects. Link elements and href attributes from responses do not need to be included in modified sections. Some elements and attributes are read-only and cannot be modified. See the schema reference for details.

  3. Update the NetworkConfigSection in the vApp.
    Find the Link element in the section where rel="edit". Make a PUT request to the URL in that link's href attribute value, and supply the modified section as the request body.

Example: Update a NetworkConfigSection

This example modifies the NetworkConfigSection that was retrieved in Retrieve a NetworkConfigSection. The modifications change the FenceMode value to natRouted and add a Features element that defines several network features that are useful to an FTP server that must be reachable from the public Internet, but only at the FTP and SSH ports. The modifications add the following items:

  • A set of FirewallRules that allow TCP traffic to ports 21 and 22. Because these rules require you to specify a single IP address on the inside of the firewall, the IpScope element is modified to limit the range of IP addresses available on the vApp network to a single address. Any virtual machine that connects to the vApp network defined in this NetworkConfigSection is given this address.
  • A NatService element that maps a routable external IP address to the internal IP address allocated to the Vm by the vApp network. The VAppScopedVmId value in this element is taken from the VAppScopedLocalId element of the Vm and the VmNicId value is taken from its PrimaryNetworkConnectionIndex. See Configuration Links in a Vm Element.

For more information about these and other network services in vApp networks, see Network Services in vApp Networks

This request, like all request bodies derived from a response, omits the Link elements and href attributes that were part of the retrieved NetworkConfigurationSection. It also omits the IsDeployed element of the NetworkConfig. These elements and attributes are created by the server and are read-only. They are ignored if you include them in a request. Read-only elements are noted in the schema reference.

Request:
PUT https://vcloud.example.com/api/vApp/vapp-7/networkConfigSection/
Content-type: application/vnd.vmware.vcloud.networkConfigSection+xml
...
<NetworkConfigSection
   xmlns="http://www.vmware.com/vcloud/v1.5"
   xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1">
   <ovf:Info>Configuration parameters for logical networks</ovf:Info>
   <NetworkConfig
      networkName="vAppNetwork">
      <Configuration>
         <IpScopes>
            <IpScope>
               <IsInherited>false</IsInherited>
               <Gateway>10.147.56.253</Gateway>
               <Netmask>255.255.255.0</Netmask>
               <Dns1>10.147.115.1</Dns1>
               <Dns2>10.147.115.2</Dns2>
               <DnsSuffix>example.com</DnsSuffix>
               <IpRanges>
                  <IpRange>
                     <StartAddress>10.147.56.1</StartAddress>
                     <EndAddress>10.147.56.1</EndAddress>
                  </IpRange>
               </IpRanges>
            </IpScope>
         </IpScopes>
         <ParentNetwork
            type="application/vnd.vmware.vcloud.network+xml"
            name="Internet"
            href="https://vcloud.example.com/api/network/54" />
         <FenceMode>natRouted</FenceMode>
         <Features>
            <FirewallService>
               <IsEnabled>true</IsEnabled>
               <FirewallRule>
                  <IsEnabled>true</IsEnabled>
                  <Description>FTP Rule</Description>
                  <Policy>allow</Policy>
                  <Protocols>
                     <Tcp>true</Tcp>
                  </Protocols>
                  <DestinationPortRange>21</DestinationPortRange>
                  <DestinationIp>10.147.115.1</DestinationIp>
                  <SourcePortRange>any</SourcePortRange>
                  <SourceIp>any</SourceIp>
                  <EnableLogging>false</EnableLogging>
               </FirewallRule>
               <FirewallRule>
                  <IsEnabled>true</IsEnabled>
                  <Description>SSH Rule</Description>
                  <Policy>allow</Policy>
                  <Protocols>
                     <Tcp>true</Tcp>
                  </Protocols>
                  <DestinationPortRange>22</DestinationPortRange>
                  <DestinationIp>10.147.115.1</DestinationIp>
                  <SourcePortRange>any</SourcePortRange>
                  <SourceIp>any</SourceIp>
                  <EnableLogging>false</EnableLogging>
               </FirewallRule>
            </FirewallService>
            <NatService>
               <IsEnabled>true</IsEnabled>
               <NatType>ipTranslation</NatType>
               <Policy>allowTraffic</Policy>
               <NatRule>
                  <OneToOneVmRule>
                     <MappingMode>automatic</MappingMode>
                     <VAppScopedVmId>3963994b-5a0a-48fe-b9ae-7f9a2d8e8e5b</VAppScopedVmId>
                     <VmNicId>0</VmNicId>
                  </OneToOneVmRule>
               </NatRule>
            </NatService>
         </Features>
      </Configuration>
   </NetworkConfig>
</NetworkConfigSection>
Response:
202 Accepted
Content-Type: application/vnd.vmware.vcloud.task+xml
...
<Task ... operation="Updating Virtual Application Linux FTP server (7)" ...>
   ...
</Task>
Important: Whenever you modify a vApp network, as we do in this example, you must be sure that the modifications are consistent with the network connection requirements of the virtual machines in the vApp. The vApp in this example contains a single virtual machine. Its NetworkConnection element, shown in Configuration Links in a Vm Element, specifies an IP address that will not be available after the vApp network is reconfigured as shown here. Update a NetworkConnectionSection corrects this problem. This example uses the IpScope element to restrict the IP addresses available on a vApp network. It is usually more practical to use a wide range of addresses available on a vApp network and apply any firewall-related IP address restrictions by modifying the NetworkConnectionSection of the Vm to which the FirewallRules apply, as shown in Update a NetworkConnectionSection. A wider range of IP addresses allows you to modify this vApp to include additional virtual machines, and the IP address restriction applied in Update a NetworkConnectionSection allows the FirewallRules in this example to remain valid.