InlineIpDiscoverySwitchingProfile1

InlineIpDiscoverySwitchingProfile1
InlineIpDiscoverySwitchingProfile1
JSON Example
{
    "arp_bindings_limit": 0,
    "arp_nd_binding_timeout": 0,
    "arp_snooping_enabled": false,
    "dhcp_snooping_enabled": false,
    "dhcpv6_snooping_enabled": false,
    "duplicate_ip_detection": {
        "duplicate_ip_detection_enabled": false
    },
    "nd_bindings_limit": 0,
    "nd_snooping_enabled": false,
    "trust_on_first_use_enabled": false,
    "vm_tools_enabled": false,
    "vm_tools_v6_enabled": false
}
integer As int32 As int32
arp_bindings_limit
Optional
Constraints: minimum: 1 maximum: 256 default: 1

Indicates the number of arp snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. This limit only applies to IPv4 addresses and is independent of the nd_bindings_limit used for IPv6 snooping.

integer As int32 As int32
arp_nd_binding_timeout
Optional
Constraints: minimum: 5 maximum: 120 default: 10

This property controls the ARP and ND cache timeout period.It is recommended that this property be greater than the ARP/ND cache timeout on the VM.

boolean
arp_snooping_enabled
Optional
Constraints: default: true

Indicates whether ARP snooping is enabled

boolean
dhcp_snooping_enabled
Optional
Constraints: default: true

Indicates whether DHCP snooping is enabled

boolean
dhcpv6_snooping_enabled
Optional

This option is the IPv6 equivalent of DHCP snooping.

DuplicateIPDetection
duplicate_ip_detection
Optional

Duplicate IP detection and control

integer As int32 As int32
nd_bindings_limit
Optional
Constraints: minimum: 2 maximum: 15 default: 3

Indicates the number of neighbor-discovery snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. This limit only applies to IPv6 addresses and is independent of the arp_bindings_limit used for IPv4 snooping.

boolean
nd_snooping_enabled
Optional

This option is the IPv6 equivalent of ARP snooping.

boolean
trust_on_first_use_enabled
Optional
Constraints: default: true

ARP snooping being inherently susceptible to ARP spoofing, uses a turst-on-fisrt-use (TOFU) paradigm where only the first IP address discovered via ARP snooping is trusted. The remaining are ignored. In order to allow for more flexibility, we allow the user to configure how many ARP snooped address bindings should be trusted for the lifetime of the logical port. This is controlled by the arp_bindings_limit property in the IP Discovery profile. We refer to this extension of TOFU as N-TOFU. However, if TOFU is disabled, then N ARP snooped IP addresses will be trusted until they are timed out, where N is configured by arp_bindings_limit.

boolean
vm_tools_enabled
Optional
Constraints: default: true

This option is only supported on ESX where vm-tools is installed.

boolean
vm_tools_v6_enabled
Optional

This option is only supported on ESX where vm-tools is installed.

Used By