1 2 Previous Next 19 Replies Latest reply on May 2, 2019 5:41 AM by tchristin

    Can VRA be considered as IPAM?

    sivakumarss Novice



      I am trying to deploy an Edge using IP addresses from a given network profile. Instead of manually entering the IP address, I want to find out (programmatically - VRO) the next available IP address for a given Network Profile of VRA. Is there any query/API to do this? The network profile isn't created with an external IPAM server. So, can I query VRA like I do any IPAM server?


      Short of iterating through the range and checking its existence in VM/DNS, are there any other method? This is VRA 7.3, BTW. Thanks

        • 1. Re: Can VRA be considered as IPAM?
          jasnyder Expert

          OK, so this requires a bit of a hack from the vRO side.  In order to get this information, you need to use the iaas-proxy-provider service from the vRA API.  There is no client available in the vRA plugin to access this API.  Even if you instantiate a vRA REST client using the vCACCAFEvCACHost.createRestClient() method, you have to provide an endpoint, which has to be one of a few possible choices.  One of those choices does not correspond to the iaas-proxy-provider endpoint.  So, then how can we hack it to make it work? 


          It turns out, you can instantiate a REST client using the catalog provider endpoint.  This points the REST client to /catalog-service/api/ as the URL base.  In order to escape that and go where we need to go which is /iaas-proxy-provider/api/ we get a little creative and use relative paths.  So from the base path of the catalog-service we can get to the iaas-proxy-provider service by adding ../../iaas-proxy-provider/api.  This gives us the full path as /catalog-service/api/../../iaas-proxy-provider/api.  We have now hacked the REST client to start with the catalog service and instead route requests to the iaas-proxy-provider. 


          The info we need from that service is in /iaas-proxy-provider/api/network/profiles to get a list of profiles.  Once you have an ID you can get a list of the IPs in the profile using /iaas-proxy-provider/api/network/profiles/addresses/{profileId}.   Once you get all the IPs, you can run through the list and check the state.  The first one you come across that's UNALLOCATED would be the first available IP.


          I have created a workflow and attached it for your reference.  For this example, I created a workflow that takes a single input called vCACCAFEHost which is type vCACCAFE:vCACHost.  It pulls all the network profiles and for each one prints its name and ID as well as all IPs contained within, including the IP's state.  It takes the first UNALLOCATED IP and stores it in the nextAvailable variable.


          It has a scriptable task that takes that single input and the script content is as follows:


          restClient = vCACCAFEHost.createRestClient("com.vmware.csp.core.cafe.catalog.api")


          netProfilesResponse = restClient.get("../../iaas-proxy-provider/api/network/profiles?limit=99999").getBodyAsJson();




          for(var p in netProfilesResponse.content)



              var nextAvailable = "";


              var profile = netProfilesResponse.content[p];

              System.log(profile.name + " - " + profile.id);


              ipListResponse = restClient.get("../../iaas-proxy-provider/api/network/profiles/addresses/" + profile.id + "?limit=99999").getBodyAsJson();

              System.log("IP JSON: " + JSON.stringify(ipListResponse));


              System.log("   IP List-----------");


              for(var i in ipListResponse.content)


                  var ip = ipListResponse.content[i];

                  System.log("        " + ip.IPv4Address + " - " + ip.state);

                  nextAvailable = (ip.state == "UNALLOCATED" && nextAvailable == "") ? ip.IPv4Address : nextAvailable;



              System.log("    ---Next Available IP= " + nextAvailable);





          Sample output:


          [2017-11-17 19:06:11.869] [I] {"links":[],"content":[{"@type":"ExternalNetworkProfile","id":"0187070e-4798-483c-90f2-787589377fdb","name":"VMPublic","description":null,"createdDate":"2017-02-02T02:32:50.000Z","lastModifiedDate":"2017-02-02T02:32:50.000Z","isHidden":"false","definedRanges":[{"id":"03b62281-d572-4dc8-9050-5f89939b34fd","name":"160-199","description":"","beginIPv4Address":"","endIPv4Address":"","state":"UNALLOCATED","createdDate":"2017-02-02T02:32:50.000Z","lastModifiedDate":"2017-02-02T02:32:50.000Z","definedAddresses":null,"externalId":null}],"definedAddresses":null,"reclaimedAddresses":null,"profileType":"EXTERNAL","IPAMEndpointId":null,"IPAMEndpointName":null,"addressSpaceExternalId":null,"subnetMask":"","gatewayAddress":"","primaryDnsAddress":"","secondaryDnsAddress":null,"dnsSuffix":"lab.itpowerforge.com","dnsSearchSuffix":"lab.itpowerforge.com","primaryWinsAddress":null,"secondaryWinsAddress":null}],"metadata":{"size":"99999","totalElements":"1","totalPages":"1","number":"1","offset":"0"}}

          [2017-11-17 19:06:11.871] [I] VMPublic - 0187070e-4798-483c-90f2-787589377fdb

          [2017-11-17 19:06:12.160] [I] IP JSON: [...removed for brevity...]

          [2017-11-17 19:06:12.162] [I]    IP List-----------

          [2017-11-17 19:06:12.163] [I] - ALLOCATED

          [2017-11-17 19:06:12.165] [I] - UNALLOCATED

          [2017-11-17 19:06:12.166] [I] - ALLOCATED

          [2017-11-17 19:06:12.167] [I] - ALLOCATED

          [2017-11-17 19:06:12.168] [I] - ALLOCATED

          [2017-11-17 19:06:12.169] [I] - ALLOCATED

          [2017-11-17 19:06:12.170] [I] - ALLOCATED

          [2017-11-17 19:06:12.171] [I] - UNALLOCATED

          [2017-11-17 19:06:12.172] [I] - ALLOCATED

          [2017-11-17 19:06:12.173] [I] - ALLOCATED

          [2017-11-17 19:06:12.175] [I] - ALLOCATED

          [2017-11-17 19:06:12.176] [I] - ALLOCATED

          [2017-11-17 19:06:12.177] [I] - ALLOCATED

          [2017-11-17 19:06:12.178] [I] - UNALLOCATED

          [2017-11-17 19:06:12.179] [I] - ALLOCATED

          [2017-11-17 19:06:12.181] [I] - ALLOCATED

          [2017-11-17 19:06:12.182] [I] - ALLOCATED

          [2017-11-17 19:06:12.183] [I] - UNALLOCATED

          [2017-11-17 19:06:12.184] [I] - ALLOCATED

          [2017-11-17 19:06:12.185] [I] - UNALLOCATED

          [2017-11-17 19:06:12.187] [I] - ALLOCATED

          [2017-11-17 19:06:12.188] [I] - ALLOCATED

          [2017-11-17 19:06:12.189] [I] - ALLOCATED

          [2017-11-17 19:06:12.190] [I] - UNALLOCATED

          [2017-11-17 19:06:12.191] [I] - UNALLOCATED

          [2017-11-17 19:06:12.192] [I] - UNALLOCATED

          [2017-11-17 19:06:12.193] [I] - ALLOCATED

          [2017-11-17 19:06:12.195] [I] - UNALLOCATED

          [2017-11-17 19:06:12.196] [I] - UNALLOCATED

          [2017-11-17 19:06:12.197] [I] - ALLOCATED

          [2017-11-17 19:06:12.198] [I] - ALLOCATED

          [2017-11-17 19:06:12.199] [I] - UNALLOCATED

          [2017-11-17 19:06:12.200] [I] - UNALLOCATED

          [2017-11-17 19:06:12.201] [I] - ALLOCATED

          [2017-11-17 19:06:12.202] [I] - UNALLOCATED

          [2017-11-17 19:06:12.203] [I] - ALLOCATED

          [2017-11-17 19:06:12.204] [I] - ALLOCATED

          [2017-11-17 19:06:12.205] [I] - UNALLOCATED

          [2017-11-17 19:06:12.207] [I] - ALLOCATED

          [2017-11-17 19:06:12.208] [I] - UNALLOCATED

          [2017-11-17 19:06:12.209] [I]     ---Next Available IP=

          2 people found this helpful
          • 2. Re: Can VRA be considered as IPAM?
            sivakumarss Novice

            Awesome. Let me try this workflow.


            Please do let me know how to make sure the IP address(es) used this way is marked ALLOCATED after. This way the VRA will not allocate the same IP addr to other VMs.


            • 3. Re: Can VRA be considered as IPAM?
              jasnyder Expert

              Well, maybe we should take a step back and try to understand what you're doing and why.  I don't know of any way to actually cause allocation of those IPs without provisioning a VM in vRA (the workflow simply queries them; doesn't allocate anything).  The vRA system going to want to tie the IP address it allocates to the entity consuming it and automatically return the IP to the pool once the entity no longer exists. 


              I am inferring from your statement that you want to allocate an IP from a network profile to a VM.  So I'm guessing the VM you want to give it to is being provisioned outside of vRA, is that correct?


              If yes - what are you provisioning it with and why does the IP allocation need to be programmatic?  Generally speaking, the IP addresses in the network profiles should represent IP ranges that are dedicated to vRA.


              If no - why not just let vRA handle the IP assignment for you?  Are you trying to perform some sort of pre-processing using the IP address before the machine is built?  You should be able to do that using the event broker callout to a workflow.  The IP address is allocated before the machine is built and you can fire a workflow after you know the IP but before the machine provisions, and that would be the ideal way to handle something like this.

              • 4. Re: Can VRA be considered as IPAM?
                sivakumarss Novice

                Not a VM. I am trying to provision a load balancer within NSX through LBAAS master workflow (part of the new NSX v1.2 plugin) after provisioning an edge (Compose an Edge). Instead of actual IP address, the input from user will be the network profile name.

                So, the Edge will be provisioned with the IP address for its interfaces in the given network profile and in addition to the load balancer(s) VIPs also.

                Hence my request to use the VRA infra as an IPAM.


                Or is there some other way to achieve this. Thanks

                • 5. Re: Can VRA be considered as IPAM?
                  unhappyvra Enthusiast



                  I have a similar question - i would like to "consume" ip address from vRAs IPAM (no Infoblox or other 3-rd party systems - just plain simple internal vRA IPAM) - does anybody know how to request IP address and associate it with current machine? It is not a problem to assign ip address to a new vmnic, but what if I want to get just another IP address (to use it on VM's sub-interface)?


                  Anyone familiar with this stuff - vRealize Automation IPAM Service API - VMware API Explorer - VMware {code}

                  • 6. Re: Can VRA be considered as IPAM?
                    SonalJain Novice
                    VMware Employees
                    Have you tried Floating IP action. This action helps to get the additional IP for the VM.
                    • 7. Re: Can VRA be considered as IPAM?
                      tchristin Novice


                      I'm also interested about any progress regarding IP allocation from vRO using vRA IPAM.

                      If you have any feedback since your post, please let me know.




                      • 8. Re: Can VRA be considered as IPAM?
                        CarlLink Novice

                        I would just like to get an IP for MSCS and/or MSSQL Clusters. MSSQL Clusters will also require "Listener" IP's on top of the cluster IP. Any idea on how to get these IPs from vRA?

                        Carl L.

                        • 9. Re: Can VRA be considered as IPAM?
                          Sany_1973 Enthusiast


                          Thank you for the code. Do we have a code to set the available IP as Allocate/Deallocate ?


                          • 10. Re: Can VRA be considered as IPAM?
                            Sany_1973 Enthusiast

                            When we use this code, we are getting next available free IP, but it is not shown as allocated in vra IP list.

                            I also looking for a code which will deallocate the IP if we destroy the Item.


                            • 11. Re: Can VRA be considered as IPAM?
                              DanieleUlrich Novice

                              Checkout this API:https://code.vmware.com/apis/424/vra-ipam#!/requests/createRequest


                              vRealize Automation IPAM Service API - VMware API Explorer - VMware {code}


                              It should be usable from vRO vCAFE library, at least I found this one var myvCACCAFEIpamRoutedNetworkProfile = new vCACCAFEIpamRoutedNetworkProfile() ;


                              I did not find the appropriate client (vCAFEHost.getClientxxxx), but I'm confident, that this is possible.





                              • 12. Re: Can VRA be considered as IPAM?
                                Luke Novice

                                I assume you are only trying to use vRA IPAM due to cost?


                                If so take a look at phpIPAM (https://phpipam.net/) which is open source and has an easy API. You can then use EBS in vRA to call vRO workflow which will do the API call(s) to phpIPAM

                                • 13. Re: Can VRA be considered as IPAM?
                                  Dell_Technologies Novice

                                  In the vRA API Explorer there is an POST method: "https://vRA.org.com/ipam-service/api/requests"

                                  This POST method described as "New request for ip allocation/deallocation".


                                  The body of this method should look like this (taken from the API explorer model):


                                    "lastUpdated": "2019-03-18T11:32:44.661Z",

                                    "createdDate": "2019-03-18T11:32:44.661Z",

                                    "requestType": "ALLOCATE",

                                    "providerCorrelationRequestId": "string",

                                    "tenantId": "string",

                                    "originalCallbackServiceId": "string",

                                    "id": "string",

                                    "version": 0,

                                    "requestInput": {

                                      "name": "string",

                                      "description": "string",

                                      "id": "string",

                                      "extensionData": {

                                        "entries": [


                                            "value": {},

                                            "key": "string"







                                  all the body parameters listed as "optional" except the "requestType" parameter which define the type of the request (i think its the only mandatory paramter).

                                  I tried to use this body scheme but I got an error in the response from the POST method :

                                  "Data Serialization Error"

                                  "Could not read message [acceptableTypes: [application/*+json, application/json]]"


                                  Which means that something in my body of the POST method is wrong.


                                  Could someone share his knowledge how to use this POST method correctly?

                                  • 14. Re: Can VRA be considered as IPAM?
                                    Sany_1973 Enthusiast

                                    In this ....where you are specify the network profile name to allocate IP

                                    1 2 Previous Next