Public IP address service

gcloud

1. Set your default project ID:

   gcloud config set project PROJECT_ID
   

2. Set a default region and/or zone:

   gcloud config set compute/region REGION

   gcloud config set compute/zone ZONE

For more information on the gcloud vmware tool, reviewing the Cloud SDK reference docs.

API

API examples in this documentation set use the cURL command-line tool to query the API. A valid access token is required as part of the cURL request. There are many ways to get a valid access token; the following steps use the gcloud tool to generate a access token:

1. Login to Google Cloud

   gcloud auth login
   

2. Generate access token and export to TOKEN

   export TOKEN=`gcloud auth print-access-token`
   

3. Verify that TOKEN is set properly

   echo $TOKEN
   
   Output:
   TOKEN
   

Now, use the authorization token in your requests to the API. For example:

curl -X GET -H "Authorization: Bearer \"$TOKEN\""  -H "Content-Type: application/json; charset=utf-8" https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations

Python

Python code samples in this documentation use the VMware Engine library to communicate with the API. To be able to use this approach, the library needs to be installed and the Application Default Credentials should be configured.

1. Download and install the Python library

    pip install google-cloud-vmwareengine
   

2. Configure the ADC information by executing those command in your shell

     gcloud auth application-default login
   

   or use a Service Account key file

     export GOOGLE_APPLICATION_CREDENTIALS="FILE_PATH"
   

For more information about the library, visit the reference page or view code samples on GitHub.

Console

1. Access the VMware Engine portal.
2. Go to Network > Regional settings.
3. In the row corresponding to the region of interest, select Edit. If the region is not listed in the summary table, add the region by clicking Add region.
4. Toggle Public IP Service to Enabled.
   • To enable the public IP service, you must also enable the internet access network service.
   • It's possible to enable the internet access service and leave the public IP service disabled. If you do so, point-to-site VPN and public IP allocation are not available.
5. In the Edge Services CIDR field, enter the address range to use when addressing the VMware Engine public IP gateway (/26 address range).
6. Click Submit.

The status for the network service changes to Enabled when the operation is complete, usually after several minutes.

gcloud

Using the gcloud tool, run the following command to create network policy:

gcloud vmware network-policies create NETWORK_POLICY_NAME \
    --vmware-engine-network NETWORK_NAME --edge-services-cidr IP_RANGE \
    --location REGION --external-ip-access --internet-access

Replace the following:

• NETWORK_POLICY_NAME: the name for this network policy
• NETWORK_NAME: the network for this request, this must be in the format REGION-default
• IP_RANGE: the CIDR range to use for internet access and external IP access gateways, in CIDR notation. An RFC 1918 CIDR block with a "/26" prefix is required
• REGION: the region of the network

API

curl -X POST -H "Authorization: Bearer TOKEN"  -H "Content-Type: application/json; charset=utf-8" https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/networkPolicies?networkPolicyId=NETWORK_POLICY_NAME -d '{
  "vmwareEngineNetwork":"projects/PROJECT_ID/locations/REGION/vmwareEngineNetworks/NETWORK_NAME",
  "edgeServiceCidr":IP_RANGE,
  "internetAccess: {
    "enabled": true
   },
   "externalIp": {
     "enabled": true
   }
 }

Replace the following:

• NETWORK_POLICY_NAME: the name for this network policy.
• PROJECT_ID: the project ID for this request
• REGION: the region of the network
• IP_RANGE: the CIDR range to use for internet access and external IP access gateways, in CIDR notation. An RFC 1918 CIDR block with a "/26" prefix is required.
• NETWORK_NAME: the network this network policy applies to, must be in the format >REGION-default

Python

Create a new network policy with external_ip and internet_access set to True with the following function:

from google.api_core import operation
from google.cloud import vmwareengine_v1


def create_network_policy(
    project_id: str,
    region: str,
    ip_range: str,
    internet_access: bool,
    external_ip: bool,
) -> operation.Operation:
    """
    Creates a new network policy in a given network.

    Args:
        project_id: name of the project you want to use.
        region: name of the region you want to use. I.e. "us-central1"
        ip_range: the CIDR range to use for internet access and external IP access gateways,
            in CIDR notation. An RFC 1918 CIDR block with a "/26" suffix is required.
        internet_access: should internet access be allowed.
        external_ip: should external IP addresses be assigned.

    Returns:
        An operation object representing the started operation. You can call its .result() method to wait for
        it to finish.

    Raises:
        ValueError if the provided ip_range doesn't end with /26.
    """
    if not ip_range.endswith("/26"):
        raise ValueError(
            "The ip_range needs to be an RFC 1918 CIDR block with a '/26' suffix"
        )

    network_policy = vmwareengine_v1.NetworkPolicy()
    network_policy.vmware_engine_network = f"projects/{project_id}/locations/{region}/vmwareEngineNetworks/{region}-default"
    network_policy.edge_services_cidr = ip_range
    network_policy.internet_access.enabled = internet_access
    network_policy.external_ip.enabled = external_ip

    request = vmwareengine_v1.CreateNetworkPolicyRequest()
    request.network_policy = network_policy
    request.parent = f"projects/{project_id}/locations/{region}"
    request.network_policy_id = f"{region}-default"

    client = vmwareengine_v1.VmwareEngineClient()
    return client.create_network_policy(request)