1. Manage networks
1.1. Limit Public IP bandwidths for a VDC
This document describes how to set a bandwidth limit in a virtual datacenter for each public IP using quality of service (QoS) traffic shaping parameters.
You can also limit the bandwidth of NAT IPs; see Limit bandwidth of NAT IPs with QoS.
This feature applies to public IPs on infrastructure managed by NSX in vCenter and vCenter clusters.
Privilege: Manage bandwidth limit for public IPs
During an upgrade or when you create a virtual datacenter, the public IP bandwidth limit is disabled.
To use QoS, edit the limit to set a value. The platform will apply the value when you deploy or reconfigure a VM to use a public IP.
To edit the bandwidth limit:
1. Select the virtual datacenter
2. Go to Network → QoS
3. Click the pencil edit button
4. To activate the bandwidth limit in a specific direction, select the Enabled checkbox for that direction
5. For the Average, enter the bandwidth, in bits per second, that each public IP in the virtual datacenter can use
6. For the Peak, enter the maximum bandwidth, in bits per second, that each public IP in the virtual datacenter can use
7. For the Burst size, enter the amount of data, in bytes, that can be transmitted at the peak bandwidth rate. A burst bonus accumulates while traffic is below the Average value, and this banked bandwidth can be used for bursts
To register changes that were made outside the platform, save existing public IP bandwidth values.
In the API, to register changes, send a POST request with the existing values.
This feature sets the limits when you deploy or reconfigure a VM to use a public IP.
If you deploy a VM and the platform cannot configure the limit, then the deploy will fail and roll back. If you reconfigure a VM and try to add a public IP, and the limit fails, then the platform will roll back the reconfigure and delete the public IP address.
If you are working with multiple VMs and there are different switches involved, then the platform will make a best effort to update all of the VMs, and log any errors.
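The three QoS values interact in a way the field descriptions alone do not make obvious: Average is the sustained rate, Peak caps any burst, and Burst size (in bytes, unlike the other two, which are in bits per second) bounds how much bonus can be banked while the IP is below Average. The following is an added example, not the platform's own code or algorithm: a simplified token-bucket model (an assumption, used only to illustrate the documented behaviour) with a small validator for the values an operator is about to enter. The class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class PublicIpQos:
    """Per-public-IP shaping parameters as entered under Network -> QoS.

    Average and Peak are in bits per second; Burst size is in bytes,
    matching the units used in the UI.
    """
    average_bps: int
    peak_bps: int
    burst_bytes: int

    def validate(self) -> List[str]:
        """Return a list of problems; an empty list means the values are consistent.
        (The ordering checks are assumptions about sensible input, not platform rules.)"""
        problems = []
        if self.average_bps <= 0:
            problems.append("Average must be greater than 0 bit/s")
        if self.peak_bps < self.average_bps:
            problems.append("Peak must be at least the Average")
        if self.burst_bytes < 0:
            problems.append("Burst size cannot be negative")
        return problems

    @property
    def burst_bits(self) -> int:
        # Burst size is entered in bytes; the rates are in bits per second.
        return self.burst_bytes * 8


def simulate(qos: PublicIpQos, demand_bps: List[int]) -> List[int]:
    """Simplified token-bucket model of the shaper (assumption: this approximates
    the behaviour the documentation describes; it is not the platform's or the
    hypervisor's exact algorithm).

    demand_bps[i] is how much the VM behind the public IP tries to send in
    second i. Each second the IP may send up to Average plus any burst bonus
    banked while it was below Average, but never more than Peak. The bonus is
    capped at the Burst size (converted to bits). Returns bits actually sent
    per second.
    """
    bonus_bits = 0
    sent = []
    for demand in demand_bps:
        allowed = min(demand, qos.peak_bps, qos.average_bps + bonus_bits)
        sent.append(allowed)
        # Below Average the bonus grows; above Average it is spent.
        bonus_bits = min(qos.burst_bits, bonus_bits + qos.average_bps - allowed)
    return sent


def example_run() -> List[int]:
    """Constructed example: 10 Mbit/s Average, 50 Mbit/s Peak, 2.5 MB Burst size.
    Two idle seconds bank 20 Mbit of bonus; the first busy second then gets
    30 Mbit, after which the IP is held at the 10 Mbit/s Average."""
    qos = PublicIpQos(average_bps=10_000_000, peak_bps=50_000_000, burst_bytes=2_500_000)
    assert not qos.validate()
    return simulate(qos, [0, 0, 60_000_000, 60_000_000, 60_000_000])


if __name__ == "__main__":
    print(example_run())  # [0, 0, 30000000, 10000000, 10000000]
```

Running the model with a larger Burst size but a lower Peak shows the other constraint: however much bonus is banked, no single second exceeds Peak. That is the value to size against the physical uplink shared by the IPs in the virtual datacenter.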
1.2. Reserve private IPs
2. Manage NAT
3. Manage firewalls
3.1. Introduction to firewalls
3.2. Display firewall policies
3.3. Synchronize firewall policies
3.4. Create a firewall policy
3.5. Edit firewall rules
You can define firewall rules for inbound and outbound traffic in your firewall policy.
In AWS, before you edit firewall rules, synchronize the firewall to update the rules because AWS will not allow you to create a rule that already exists in the security group. Remember that it may take some time for firewall rules to propagate throughout AWS. Until the rules have propagated, the platform will not be able to detect them. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/query-api-troubleshooting.html#eventual-consistency
To add a new firewall rule:
1. Select the virtual datacenter or location
2. Select the firewall
3. On the Firewall rules panel, click the pencil Edit button
4. Select the Inbound or Outbound tab for the traffic direction you wish to control
5. Enter the details of the rule:
   - Protocol: select one of the Common protocols, or select Custom and enter a custom protocol
   - Port range: the Start port and End port that this rule applies to. To apply the rule to one port, enter the same value as both the Start port and the End port; to cover several ports at once, enter a range.
     For Azure and GCP, you can enter a single port, such as 80; a range, such as 1024-65535; or a comma-separated list of ports and ranges, such as 80,1024-65535
   - Sources or Targets: a network address and netmask, or a comma-separated list of these (with no spaces)
6. Click Add. The firewall rule will be added to the Firewall rules list
7. Enter more rules as required, then click Save
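Two things in the procedure above are easy to get wrong by hand: the port and network syntax (a single port, a range, a comma-separated list with no spaces, a network address rather than a host address), and the AWS constraint that a rule already present in the security group cannot be created again, which is why the firewall should be synchronized first. The following added example, which is not the platform's own code or API, parses rule input in the documented formats, expands one UI entry into the individual rules it represents, and compares them against a constructed set of already-synchronized rules before anything is saved. The Rule class, the function names and the sample rules are all hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# One port, or start-end. Digits only; the 0..65535 bound is checked afterwards.
_PORT_ITEM = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def parse_ports(spec: str) -> List[Tuple[int, int]]:
    """Parse the Azure/GCP port syntax: '80', '1024-65535' or '80,1024-65535'.

    A single port is returned as (port, port), i.e. the same value twice, which
    is also how a single port is entered in the Start port / End port fields.
    """
    if not spec or spec != spec.strip() or " " in spec:
        raise ValueError("port list must be non-empty and contain no spaces")
    ranges = []
    for item in spec.split(","):
        m = _PORT_ITEM.match(item)
        if not m:
            raise ValueError(f"malformed port item: {item!r}")
        start = int(m.group(1))
        end = int(m.group(2)) if m.group(2) is not None else start
        if not (0 <= start <= 65535 and 0 <= end <= 65535):
            raise ValueError(f"port out of range in {item!r}")
        if start > end:
            raise ValueError(f"reversed range in {item!r}")
        ranges.append((start, end))
    return ranges


def parse_networks(spec: str) -> List[str]:
    """Parse 'address/netmask,address/netmask' (no spaces) into normalised CIDR strings.

    strict=True rejects entries with host bits set, e.g. 10.0.0.5/24, which
    almost always means a host address was typed where a network was meant.
    """
    if not spec or " " in spec:
        raise ValueError("network list must be non-empty and contain no spaces")
    return [str(ipaddress.ip_network(item, strict=True)) for item in spec.split(",")]


@dataclass(frozen=True)
class Rule:
    """One normalised firewall rule: a single port range and a single network."""
    direction: str   # "inbound" or "outbound"
    protocol: str    # e.g. "tcp", "udp"
    start_port: int
    end_port: int
    network: str     # CIDR: a Source for inbound rules, a Target for outbound


def expand(direction: str, protocol: str, ports: str, networks: str) -> Set[Rule]:
    """Expand one UI entry (which may list several ports and networks) into
    the set of individual rules it represents."""
    return {
        Rule(direction, protocol.lower(), start, end, net)
        for start, end in parse_ports(ports)
        for net in parse_networks(networks)
    }


def duplicates(existing: Set[Rule], proposed: Set[Rule]) -> Set[Rule]:
    """Rules already present after synchronisation. AWS rejects re-creating
    these in the security group, so drop them before clicking Save."""
    return existing & proposed


def wide_open(rules: Set[Rule]) -> Set[Rule]:
    """Inbound rules that admit any source on the full port range; these
    deserve a second look before they are saved."""
    return {
        r for r in rules
        if r.direction == "inbound"
        and r.network in ("0.0.0.0/0", "::/0")
        and r.start_port in (0, 1) and r.end_port == 65535
    }


def example() -> Tuple[Set[Rule], Set[Rule]]:
    """Constructed data: what the synchronised firewall already holds, and what
    an operator is about to add."""
    existing = expand("inbound", "tcp", "80", "0.0.0.0/0")
    proposed = (
        expand("inbound", "tcp", "80,443", "0.0.0.0/0")
        | expand("inbound", "tcp", "0-65535", "0.0.0.0/0")
        | expand("outbound", "tcp", "1024-65535", "10.0.0.0/24,192.168.1.0/24")
    )
    return duplicates(existing, proposed), wide_open(proposed)


if __name__ == "__main__":
    dups, risky = example()
    print("already present:", dups)
    print("wide open:", risky)
```

Because each Rule is a frozen dataclass, set operations compare rules field by field, so "80" and "80-80" from the same network are correctly treated as the same rule. Normalising the CIDR through ipaddress has the same effect for networks written with different capitalisation or leading zeros.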