NSX-T and AVI networks via policy api


In 2019 AVI Networks was acquired by VMware.
In NSX-T, AVI Networks is also known as NSX Advanced Loadbalancer.
VMware is working hard integrating AVI into NSX-T.
This blog shows you how to be able to create objects in the AVI controller via the NSX-T policy API.
The tool I am using for the API calls is Postman.
VMware NSX-T API guide can be found here.

I assume that NSX-T and AVI are already installed.

Why would you want this

Since NSX-T version 3.1.1, VMware added a possibility to create objects in the AVI controller via the NSX-T policy API.
This allows you to talk to the AVI API via the NSX-T API. This will give you one API endpoint to use instead of two.

Api calls are described in chapter of the NSX-T API guide

Getting started

I will not spend too much time on how to integrate NSX-T and AVI in the first place.
You can check out AVI documentation

The following screenshot shows my setup. My cloud is named “nsxt-cloud”

AVI controller cloud overview
AVI controller NSX-T cloud overview

Use the API to create the enforcement-point

Use your favorite API client to create the enforcement point.
In this examples, I am using Postman
“username”: this is the AVI controller username
“password”: this is the AVI controller password for the username
“cloud”: this is cloud name as defined as above
“version”: The AVI version you are running (can be found in the top right corner of the AVI GUI)

“enforcement_point_address”: The ip address of the AVI controller

PATCH https://<nsx-manager-ip>/policy/api/infra/sites/default/enforcement-points/avi-ep 
With body text in JSON format:
"connection_info": {
"username": "admin",
"password": "VMware1!VMware1!",
"cloud": "nsxt-cloud",
"version": "20.1.4",
"tenant": "admin",
"enforcement_point_address": "",
"resource_type": "AviConnectionInfo"
screenshot from Postman

To verify the enforcement-point

GET https://<nsx-manager-ip>/policy/api/infra/sites/default/enforcement-points/avi-ep

API examples

In this example I get a health monitor name “System-DNS” from the API

GET https://<nsx-manager-ip>/policy/api/v1/infra/alb-health-monitors/System-DNS

Getting System-DNS info from API

Example of creating a health monitor

In this example I create a health monitor named “httpMonitor” from the API

PATCH https://<nsx-manager-ip/policy/api/v1/infra/alb-health-monitors/httpMonitor
With body text (JSON):

    "failed_checks": 2,
    "http_monitor": {
        "exact_http_request": false,
        "http_request": "GET / HTTP/1.0",
        "http_response_code": [
    "is_federated": false,
    "receive_timeout": 4,
    "send_interval": 6,
    "successful_checks": 2,
    "type": "HEALTH_MONITOR_HTTP",
    "resource_type": "ALBHealthMonitor",
    "id": "httpMonitor",
    "display_name": "httpMonitor"


According to the documentation, you can reload and sync the enforcement point.
Unfortunately, it does not give me what I expect from it.
I deleted a health monitor, created via NSX-T policy API, by hand in the AVI controller, and tried the following two commands. But the health monitor did not come back in the AVI controller. It is still existing in the NSX-T policy API

POST https://<nsx-manager-ip>/policy/api/v1//infra/sites/default/enforcement-points/avi-ep?action=reload

POST https://<nsx-manager-ip>/policy/api/v1//infra/sites/default/enforcement-points/avi-ep?action=full-sync


VMware is working hard with the integration of AVI Networks.
It works, but there are improvement points 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s