Getting Started with the NSX SD-WAN by VeloCloud API

As with any proper Software-Defined solution, NSX SD-WAN by VeloCloud has an API to automate against. To be precise, the Orchestrator has an API to automate against. As you might have read in my post about the NSX SD-WAN by VeloCloud Basics, the Orchestrator is the centralized management interface of the SD-WAN.

The Orchestrator provides you with a JSON-RPC API, which means you call it over HTTPS. It’s not a RESTful API, as all calls go through a POST query and authentication is handled in a somewhat strange way (more on that later). There are about 140 API endpoints available, ranging from getting statistics from Edges to executing a failover of an Orchestrator cluster.

Documentation

Centralization of the NSX SD-WAN documentation is still happening, so it’s a bit hard to find documentation. A direct link for the Programmer’s Guide can be found here and the Swagger documentation can be found here.

You’ll find references to the SDK in the guide and Swagger docs. More on the SDK later.

Things you should know

I already mentioned this, but all API calls will be an HTTP POST call. As most APIs have a combination of GET, POST, PUT or DELETE calls – it takes some getting used to.

Something else that is unlike other APIs, is that the authentication works via cookie session. You call the authentication endpoint and if authentication succeeds, a cookie is stored that allows you to call other API endpoints.

My last note before we dive into it is about the role-based access system. The Orchestrator is built up as a 3-tier cake: the top level is Operator; the middle is Partner and lower layer is Customer. The Operator is root and the Partner can manage multiple Customer accounts. This is why you will need to get an Enterprise ID to work with. This Enterprise ID will identify the customer account you’re working with.

Authentication

Let’s get started. Before doing anything else, you need to authenticate and build a session which you can use to call the API further. This is the authentication endpoint:

Interpreting the results of this call is going to be a bit unorthodox. Looking at the HTTP status code is not a clear indicator of success or failure. See if you can spot it, here’s a failed login attempt (trimmed header a bit):

Returning the status code 302 and a cookie called ‘velocloud.message’ with the value ‘Login failed’ is what you need to look for. Now on to the login success:

Check for status code 200 and store the velocloud.session cookie for future use. Send the cookie with all calls you make from here on out.

Get the Enterprise ID

Most of the API endpoints require that you provide an enterprise ID. There are 2 ways to get it; the fun way and a simple way. For the latter, you can simply log in to the Orchestrator and grab the second number:

That’s your enterprise ID. Now for the fun way; the API. This is also useful when using Partner credentials and searching for a bunch of enterprise IDs. Here’s the call:

Don’t forget to provide the authenticated session via the cookie. The result will look like this:

The value of id (so 2) is the enterprise ID. Save it and move on to what you actually want to do.

Getting Edges

Time to do something fun! Everything above is about necessary administration to be able to do other things. I’ll show you how to retrieve a list of Edges registered under the customer account with the ID we just saved.

You can also look for a specific Edge if you know its ID. If you know the ID and want to filter on that, include “id”: x in the JSON body.

Here is an example of a result that you can expect:

Having pruned a lot of the resulting output, there is a lot of useful information there.



Share the wealth!

3 Comments

  1. Thanks for posting this article. There aren’t too many resources re: the VeloCloud Orchestrator SDK/API. Looking fwd to more!

  2. What are you using to post? Is that your actual code above? I have been using CURL which is not as easy as you make it look above. Thanks

    • Martijn

      September 17, 2018 at 19:12

      Yikes, I need to do something about the background colors in the comment, so hopefully you can read this…

      The above examples are made using the Postman REST client, but it’s not literal screenshots to save space. CURL can be used, but you need to make sure you use the “–cookie-jar cookies.file” parameter to save the session between calls.

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2018 Lostdomain

Theme by Anders NorénUp ↑