Create an Edge Gateway

An Edge Gateway is a virtual router for organization VDC networks. You can configure it to provide network services such as DHCP, firewall, NAT, static routing, VPN, and load balancing.

Starting with vCloud Director 9.7, the compute workload and the networking workload are isolated by using different vSphere resource pools and storage policies. Edge Gateways reside on edge clusters that you must previously create. See Working with NSX Data Center for vSphere Edge Clusters in VMware Cloud Director.

You can migrate legacy edge gateways to the corresponding edge clusters by redeploying these edge gateways. See #GUID-2C9F5A28-8D10-4968-AC5A-20F60339CADF.

Important:

Starting with version 9.7, VMware Cloud Director supports only advanced edge gateways. You must convert any legacy non-advanced edge gateway to an advanced gateway. See https://kb.vmware.com/kb/66767.

An Edge Gateway can support up to ten interfaces. These interfaces are categorized as uplinks when they connect to an external network, and internal interfaces when they connect to an organization VDC network. You must specify at least one uplink interface when you create an Edge Gateway. All uplink interfaces on an Edge Gateway must connect to an external network available in the Provider VDC that backs the organization VDC in which you are creating the Edge Gateway. Internal interfaces are created automatically when you create a routed organization VDC network that connects to an Edge Gateway.

Prerequisites

This operation is restricted to system administrators.
An Edge Gateway requires an organization VDC backed by a Provider VDC that contains at least one external network.
If you want to deploy the Edge Gateway on a dedicated edge cluster, create and assign an edge cluster to the organization virtual data center. See Working with NSX Data Center for vSphere Edge Clusters in VMware Cloud Director.

Procedure

Choose an organization VDC to contain the Edge Gateway.
Choose an external network to use for the Edge Gateway's initial uplink interface.
This external network must be one of the networks listed in the AvailableNetworks element of the Provider VDC that backs the organization VDC in which you are creating the Edge Gateway. Follow these steps to find a suitable external network.
1. Retrieve the XML representation of the organization VDC in which you are creating the Edge Gateway.
  Use a request like this one:
```
GET https://vcloud.example.com/api/admin/vdc/44
```
  The ProviderVdcReference element in the response contains a reference to the Provider VDC that backs this organization VDC.
```
<AdminVdc ...>
   ...
   <ProviderVdcReference
      type="application/vnd.vmware.admin.providervdc+xml"
      name="PVDC-Example"
      href="https://vcloud.example.com/api/admin/extension/providervdc/35"
   ...
</AdminVdc>
```
2. Retrieve the the XML representation of the Provider VDC.
  Use a request like this one:
```
GET https://vcloud.example.com/api/admin/extension/providervdc/35
```
  The AvailableNetworks element in the response lists the external networks that are available to that Provider VDC, and to all the organization VDCs that it supports.
```
<vmext:VMWProviderVdc ... >
   ...
   <vcloud:AvailableNetworks>
      <vcloud:Network
         type="application/vnd.vmware.admin.network+xml"
         name="VC1-VLAN48"
         href="https://vcloud.example.com/api/admin/network/297" />
      <vcloud:Network ... />
      <vcloud:Network ... />
   </vcloud:AvailableNetworks>
   ...
</vmext:VMWProviderVdc>
```
  Choose an available external network to provide the initial interface for the new Edge Gateway. See Create an Edge Gateway for more information about criteria for choosing an external network.
Create an EdgeGateway element.
In the GatewayInterfaces element, create a GatewayInterface element that defines an uplink interface.
- Specify uplink for the InterfaceType.
- Include the external network reference you retrieved in Step 2 in the Network element.
  If you assigned an edge cluster to the organization VDC, you must select external networks that are accessible to this cluster.
- If you plan to create a NAT service or load balancer service in the Edge Gateway, you must create an IP sub-allocation for the uplink by including a SubnetParticipation element in the GatewayInterface element. IP addresses in the range you specify in this element are reserved for use by this Edge Gateway.
For information about additional elements that an EdgeGateway can contain, see Create an Edge Gateway and the schema reference.
POST the EdgeGateway element to the URL for adding Edge Gateways to the organization VDC.

Results

The server takes the requested action and returns an XML representation of the partially-created object. This representation includes an href attribute, properties specified in the creation request, and an embedded Task element that tracks the creation of the object. When the task completes, the object has been created, and you can use the value of the href attribute with a GET request to retrieve the XML representation of the object.

See the response portion of Create an Edge Gateway.

Example: Create an Edge Gateway

This example adds an Edge Gateway to the organization VDC created in Add a VDC to an Organization. The uplink interface specifies one of the networks shown in Step b.

Request:

POST https://vcloud.example.com/api/admin/vdc/44/edgeGateways
Content-Type: application/vnd.vmware.admin.edgeGateway+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<EdgeGateway
   name="theEdge"
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <Description>Example Edge Gateway</Description>
   <Configuration>
      <GatewayBackingConfig>compact</GatewayBackingConfig>
      <GatewayInterfaces>
         <GatewayInterface>
            <Name>uplink1</Name>
            <DisplayName>uplink1</DisplayName>
            <Network href="https://vcloud.example.com/api/admin/network/297" />
            <InterfaceType>uplink</InterfaceType>
            <SubnetParticipation>
               <Gateway>10.147.115.190</Gateway>
               <Netmask>255.255.255.0</Netmask>
            </SubnetParticipation>
         </GatewayInterface>
      </GatewayInterfaces>
      <HaEnabled>false</HaEnabled>
      <UseDefaultRouteForDnsRelay>false</UseDefaultRouteForDnsRelay>
   </Configuration>
</EdgeGateway>

The response is an EdgeGateway element with an embedded Task element that tracks the creation of the Edge Gateway object.

The response includes a number of Link elements that you can use to manage the new Edge Gateway. It also includes an EdgeGatewayServiceConfiguration element that contains a simple FirewallService, which drops all incoming and outgoing packets, effectively blocking all traffic through the Edge Gateway. This service is created by default if you do not specify an EdgeGatewayServiceConfiguration when you create the EdgeGateway. To remove or modify it, see Configure Edge Gateway Services.

Response:

<?xml version="1.0" encoding="UTF-8"?>
<EdgeGateway
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="theEdge"
   id="urn:vcloud:gateway:2000"
   href="https://vcloud.example.com/api/admin/edgeGateway/2000" ... >
   <Link
      rel="edit"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000"
      type="application/vnd.vmware.admin.edgeGateway+xml" />
   <Link
      rel="remove"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000" />
   <Link
      rel="up"
      href="https://vcloud.example.com/api/admin/vdc/44"
      type="application/vnd.vmware.admin.vdc+xml" />
   <Link
      rel="edgeGateway:redeploy"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000/action/redeploy" />
   <Link
      rel="edgeGateway:configureServices"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000/action/configureServices"
      type="application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml" />
   <Link
      rel="edgeGateway:configureSyslogServerSettings"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000/action/configureSyslogServerSettings"
      type="application/vnd.vmware.vcloud.SyslogSettings+xml" />
   <Link
      rel="edgeGateway:reapplyServices"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000/action/reapplyServices" />
   <Link
      rel="edgeGateway:syncSyslogSettings"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000/action/syncSyslogServerSettings" />
   <Link
      rel="edgeGateway:upgrade"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000/action/upgradeConfig" />
   <Link
      rel="edgeGateway:modifyFormFactor"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000/action/modifyFormFactor"
      type="application/vnd.vmware.vcloud.edgeGatewayFormFactor+xml" />
   <Description>Example Edge Gateway</Description>
   <Tasks>
      <Task
         ...
         operation="Creating EdgeGateway theEdge(2000)"
         operationName="networkEdgeGatewayCreate"
         serviceNamespace="com.vmware.vcloud"
         ... >
         .                   
         .
         .
       </Task>
   </Tasks>
   <Configuration>
      <GatewayBackingConfig>compact</GatewayBackingConfig>
      <GatewayInterfaces>
         <GatewayInterface>
            <Network
               href="https://vcloud.example.com/api/admin/network/297"
               name=""
               type="application/vnd.vmware.admin.network+xml" />
            <InterfaceType>uplink</InterfaceType>
            <SubnetParticipation>
               <Gateway>10.147.115.190</Gateway>
               <Netmask>255.255.255.0</Netmask>
               <UseForDefaultRoute>false</UseForDefaultRoute>
            </SubnetParticipation>
            <ApplyRateLimit>false</ApplyRateLimit>
            <UseForDefaultRoute>false</UseForDefaultRoute>
         </GatewayInterface>
      </GatewayInterfaces>
      <EdgeGatewayServiceConfiguration>
         <FirewallService>
            <IsEnabled>true</IsEnabled>
            <DefaultAction>drop</DefaultAction>
            <LogDefaultAction>false</LogDefaultAction>
         </FirewallService>
      </EdgeGatewayServiceConfiguration>
      <HaEnabled>false</HaEnabled>
      <UseDefaultRouteForDnsRelay>false</UseDefaultRouteForDnsRelay>
      <AdvancedNetworkingEnabled>false</AdvancedNetworkingEnabled>
   </Configuration>
</EdgeGateway>