Bulk Create NSX-T Segments Using A Postman Data File

Imagine this, you’ve been tasked with implementing micro-segmentation in your vSphere environment. You just deployed and configured NSX-T and the next step is to migrate VMs from their VDS port groups to N-VDS segments.

You fire up the vSphere Client and expand the VDS to have a look at the current situation:

vds port groups

It’s pretty bad.

Turns out your VMs are connected to no less than 784 different port groups! Overlay networking/consolidation and re-IP are currently not part of the plan so you’re stuck with these 784 VLANs. You now realize that you need to create 784 VLAN backed segments in NSX-T. Life sucks.

Postman to the rescue

In today’s short post I want to share an easy way that can help you out in a scenario like the one above. It involves the NSX-T Policy API, Postman, and a text file. Let’s go!

Step 1 – Prepare the CSV file

First we need to create a simple text file that contains values for the NSX-T segments and their corresponding VLAN IDs. The format of the comma separated text file is as follows:

segment_name, vlan_id
vlan-1000, 1000
vlan-1001, 1001
vlan-1002, 1002
vlan-1003, 1003
....
....
vlan-1783, 1783

For “segment_name” you use whatever fits your naming convention. I’m saving this file as “segments.csv”:

segments.csv

Step 2 – Prepare the Postman request

We’re going to leverage the NSX-T Hierarchical API to create these segments by making a PATCH request to:

https://{{nsx-manager-fqdn}}/policy/api/v1/infra

Only a small piece of JSON code is needed in the request body:

{
 "resource_type": "Infra", "children": [{
 "resource_type": "ChildSegment", "marked_for_delete": "false", "Segment": {
 "resource_type": "Segment",
 "type": "DISCONNECTED",
 "id": "{{segment_name}}",
 "display_name": "{{segment_name}}",
  "vlan_ids": [
         "{{vlan_id}}"
       ],
 "path": "/infra/segments/{{segment_name}}",
 "relative_path": "{{segment_name}}",
 "parent_path": "/infra/segments/{{segment_name}}",
 "transport_zone_path": "/infra/sites/default/enforcement-points/default/transport-zones/e82afbae-c811-48e1-8946-6e1f62b67871"
 } }]
 }

As you can see the variables “{{segment_name}}” and “{{vlan_id}}” are used a couple of times in this piece of code. Their values will be fetched from the matching columns in the ”segments.csv”.

The value for “transport_zone_path” is unique in every NSX-T deployment. You can easily find the ID of your VLAN transport zone in the NSX Manager UI under System > Configuration > Fabric > Transport Zones:

tz id

Putting it all together the Postman request will look like this:

postman request

I’m saving this request as “Create NSX-T Segments with data file” in a new collection folder called “NSX-T”.

Step 3 – Start the Postman Runner

Click the Runner button to start the collection runner:

collection runner

In the next screen you select the saved request:

select request to run

We need to configure a couple of things for this run. The table below lists my settings:

SettingValueComment
EnvironmentYour NSX-T environment Have a look at this post for more information about working with Postman environments.
Iterations784We have 784 segments in our data file.
Datasegments.csvThe data file.
runner settings

After selecting your data file you can click the Preview button just to verify that Postman is interpreting the data correctly:

preview

Looks pretty good to me. Time to press the big button:

run nsx-t

Running these 784 iterations will take a couple of minutes. You can monitor the progress in the “Run Results” screen:

runner progress

Notice the “200 OK” status for each iteration which is the NSX-T API’s response to the requests and means it was processed successfully.

Once the Runner is finished it’s time to have a look in the NSX Manager UI under Networking > Connectivity > Segments to see if new segments have been created:

segments

That certainly seems to be the case. All of the 784 VLAN backed segments are there and configured with the correct transport zone and VLAN ID:

segment detail

Summary

Bulk creating or modifying NSX-T objects can be done in a number of different ways. If coding is your thing you’ll probably have little trouble putting together a tool for this using your preferred language. If you’re more into scripting you can use something like PowerShell. And if you like to work really slow you can always turn to the NSX Manager UI.

For everybody else there’s Postman. Using this tool in combination with data files offers an easy and quick way for creating or modifying large amounts of NSX-T objects.

You can read more about the NSX-T Policy API in the NSX Policy API: Getting Started Guide. To learn more about working with Postman data files check out this tutorial.

Have fun!