Network architecture options in the cloud

The options listed below are not the only ones available; they are the most common ones.

Symbols:

The blue box is the Virtual Datacenter boundary.

Virtual Machine. The symbol can also stand for a group of virtual machines connected to the same network.

Cloud Network (Virtual Switch). A network created in the Networks section of the VMware Cloud Director interface.

Edge Gateway. A virtual router deployed at the boundary between the VDC and the Internet. In addition to routing, it performs Firewall and NAT functions.

Addresses from the 192.168.0.0/16 network are private according to RFC1918.

The 192.0.2.0/24 and 198.51.100.0/24 networks used in the examples below are reserved for documentation by RFC5737 and are not routed on the Internet; in the examples they stand in for the globally routable addresses you would actually receive.

Option 1. Classic

[diagram]

This is how the network is configured automatically when test access is granted.

There is one globally routable address assigned to the Edge Gateway.

Virtual machines are connected to the network with private addresses (RFC1918) and communicate with hosts on the Internet via NAT on the Edge Gateway.

[diagram]

Option 2. Multiple IPs on the Edge Gateway

The Edge Gateway has 2 globally routable addresses assigned to it.

The virtual machines are connected to the network with private addresses (RFC1918) and communicate with hosts on the Internet via NAT on the Edge Gateway.

[diagram]

Option 3. Multiple networks

There are 2 globally routable addresses assigned to the Edge Gateway.

Virtual machines are connected to networks with private addresses (RFC1918) and communicate with hosts on the Internet via NAT on the Edge Gateway.

[diagram]

Option 4. Multiple Edge Gateways

[diagram]

There are 2 Edge Gateways deployed in the VDC.

The first Edge Gateway has 2 globally routable addresses assigned to it.

The second Edge Gateway has 1 globally routable address assigned to it.

The virtual machines are connected to networks with private addresses (RFC1918) and communicate with hosts on the Internet via NAT on their Edge Gateway.

The two Edge Gateways are attached to the 192.168.2.0/24 and 192.168.3.0/24 networks respectively.

If the virtual machines 192.168.2.2 and 192.168.3.2 need to communicate with each other via their globally routable addresses, this Option is preferable to hairpin NAT on a single Edge Gateway: traffic leaves one gateway through its SNAT rule and enters the other through its DNAT rule, so each gateway keeps a plain inbound/outbound Firewall/NAT rule set instead of a hairpin rule set.
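The following Python helper is an added example, not code from the article or from VMware. It models the NAT rule set of an Edge Gateway for the layouts in Options 1 to 4, checks it for the mistakes that usually surface only after the rules are pushed (a public address the gateway does not own, two DNAT rules claiming the same address and port, a DNAT target that is not behind the gateway, a network with no SNAT), and answers the Option 4 question of whether a flow between two VMs over their globally routable addresses would have to hairpin through a single gateway. The request-body field names produced by to_vcd() follow the VMware Cloud Director CloudAPI NAT rule object as an assumption to verify against your release; the addresses are the article's example addresses.

```python
"""Edge Gateway NAT plan for Options 1 to 4: builder plus sanity checks.

Added example, not code from the article or from VMware. Request bodies use
the field names of the VMware Cloud Director CloudAPI NAT rule object
(POST /cloudapi/1.0.0/edgeGateways/{id}/nat/rules) as an assumed schema.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class NatRule:
    name: str
    rule_type: str              # "SNAT" or "DNAT"
    external: str               # globally routable address on the Edge
    internal: str               # private VM address (DNAT) or network (SNAT)
    port: Optional[int] = None  # DNAT external port; None forwards every port

    def to_vcd(self) -> dict:
        """Request body in the assumed CloudAPI shape."""
        body = {
            "name": self.name,
            "ruleType": self.rule_type,
            "enabled": True,
            "externalAddresses": self.external,
            "internalAddresses": self.internal,
            "firewallMatch": "MATCH_INTERNAL_ADDRESS",  # firewall sees the private address
            "logging": True,
        }
        if self.port is not None:
            body["dnatExternalPort"] = str(self.port)
        return body


@dataclass
class EdgeGateway:
    name: str
    public_ips: List[str]       # addresses assigned to the external interface
    internal_nets: List[str]    # Cloud Networks attached to the gateway
    rules: List[NatRule] = field(default_factory=list)

    def snat(self, public_ip: str, net: str) -> None:
        self.rules.append(NatRule(f"snat-{net}", "SNAT", public_ip, net))

    def dnat(self, public_ip: str, vm_ip: str, port: Optional[int] = None) -> None:
        label = "all" if port is None else port
        self.rules.append(NatRule(f"dnat-{public_ip}-{label}", "DNAT", public_ip, vm_ip, port))

    def hosts(self, ip: str) -> bool:
        """Is this private address on a network behind this gateway?"""
        return any(ip_address(ip) in ip_network(n) for n in self.internal_nets)


def check_plan(gw: EdgeGateway) -> List[str]:
    """Problems that would otherwise surface only after the rules are pushed; [] is clean."""
    problems = []
    owned = {ip_address(p) for p in gw.public_ips}
    snat_nets = [ip_network(r.internal) for r in gw.rules if r.rule_type == "SNAT"]
    dnats = [r for r in gw.rules if r.rule_type == "DNAT"]
    for r in gw.rules:
        if ip_address(r.external) not in owned:
            problems.append(f"{r.name}: {r.external} is not assigned to {gw.name}")
    for r in dnats:
        if not gw.hosts(r.internal):
            problems.append(f"{r.name}: {r.internal} is not behind {gw.name}")
    # one external address:port may be forwarded once; a port-less rule takes every port
    for i, a in enumerate(dnats):
        for b in dnats[i + 1:]:
            if a.external == b.external and (a.port is None or b.port is None or a.port == b.port):
                problems.append(f"{a.name} and {b.name} both claim {a.external}")
    for n in gw.internal_nets:
        if not any(ip_network(n).subnet_of(s) for s in snat_nets):
            problems.append(f"{n} has no SNAT rule, so its VMs cannot reach the Internet")
    return problems


def needs_hairpin(gateways: List[EdgeGateway], src_vm: str, dst_public: str) -> bool:
    """True when src_vm and the DNAT target of dst_public sit behind the same gateway."""
    src_gw = next(g for g in gateways if g.hosts(src_vm))
    dst_gw = next(g for g in gateways
                  if any(r.rule_type == "DNAT" and r.external == dst_public for r in g.rules))
    return src_gw is dst_gw


def single_edge_plan() -> List[EdgeGateway]:
    """Option 3 layout: both networks and both public addresses on one Edge Gateway."""
    gw = EdgeGateway("edge-1", ["192.0.2.60", "192.0.2.61"], ["192.168.2.0/24", "192.168.3.0/24"])
    gw.snat("192.0.2.60", "192.168.2.0/24")
    gw.snat("192.0.2.60", "192.168.3.0/24")
    gw.dnat("192.0.2.60", "192.168.2.2", 443)
    gw.dnat("192.0.2.61", "192.168.3.2", 443)
    return [gw]


def option4_plan() -> List[EdgeGateway]:
    """Option 4 layout: each network behind its own Edge Gateway."""
    gw1 = EdgeGateway("edge-1", ["192.0.2.60", "192.0.2.61"], ["192.168.2.0/24"])
    gw1.snat("192.0.2.60", "192.168.2.0/24")
    gw1.dnat("192.0.2.61", "192.168.2.2", 443)
    gw2 = EdgeGateway("edge-2", ["192.0.2.62"], ["192.168.3.0/24"])
    gw2.snat("192.0.2.62", "192.168.3.0/24")
    gw2.dnat("192.0.2.62", "192.168.3.2", 443)
    return [gw1, gw2]
```

Run check_plan() on every gateway before pushing rules, and needs_hairpin() on the VM-to-VM flows you expect: for the two-gateway layout it returns False for 192.168.2.2 reaching 192.0.2.62, while the same flow in the single-gateway layout returns True and would need an explicit hairpin rule set. The firewallMatch value matters for the Firewall rules that accompany the NAT rules: with MATCH_INTERNAL_ADDRESS the Firewall is written against the private address of the VM, so the Firewall rules do not change if the public address is swapped.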

Option 5. Globally Routable IPs

[diagram]

This Option assigns globally routable IP addresses directly to the network interfaces of virtual machines, without NAT on the Edge Gateway. Traffic still passes through the Edge Gateway, which routes the subnet, so its Firewall rules continue to apply and must be written for the globally routable addresses.

This is useful if one of your protocols does not work correctly through NAT, if you want to deploy your own virtual router (Cisco CSR, Mikrotik CHR, Juniper SRX, etc.), or if you want to eliminate NAT to simplify administration.

We provide globally routable IP addresses as subnets of /30, /29, /28 and larger (each step doubles the number of addresses in the subnet).

The diagram below shows a /30 subnet.

Five addresses are provided in total: the four addresses of the /30 subnet plus one address assigned to the external interface of the Edge Gateway.

Address assignment can be done as follows:

[diagram]

198.51.100.0 - subnet address (service address, cannot be assigned to a VM network interface)

198.51.100.1 - internal interface of the Edge Gateway, the default gateway for the VMs (service address, cannot be assigned to a VM network interface)

198.51.100.2 - free address (can be assigned to a VM network interface)

198.51.100.3 - broadcast address (service address, cannot be assigned to a VM network interface)

192.0.2.60 - external interface of the Edge Gateway. It can still be used for NAT as described in Option 1. It cannot be released, because it is the next hop for the 198.51.100.0/30 network.
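The address plan above, as an added Python example that is not code from the article or from the provider: it reproduces the /30 assignment and applies the same rules to the larger prefixes the provider offers (/29, /28 and so on), refuses the three service addresses when a VM interface is configured, and picks the smallest prefix for a planned number of VMs so the subnet does not have to be recreated later. The address strings are the article's example addresses.

```python
"""Address plan for a globally routable Cloud Network (Option 5).

Added example, not code from the article. It reproduces the /30 plan above
and applies the same rules to the larger prefixes on offer (/29, /28, ...).
"""
from ipaddress import ip_address, ip_network


def address_plan(prefix: str, edge_external_ip: str) -> dict:
    """Classify every address of `prefix` the way the Edge Gateway uses it."""
    net = ip_network(prefix, strict=True)
    if net.prefixlen > 30:
        raise ValueError("the smallest prefix on offer is /30")
    nexthop = ip_address(edge_external_ip)
    if nexthop in net:
        raise ValueError("the Edge external address lies outside the routed subnet")
    hosts = list(net.hosts())  # everything except network and broadcast
    return {
        "network": net.network_address,              # service address
        "gateway": hosts[0],                         # internal Edge Gateway interface
        "free": hosts[1:],                           # assignable to VM interfaces
        "broadcast": net.broadcast_address,          # service address
        "nexthop": nexthop,                          # external Edge address, next hop for the subnet
        "total_addresses": net.num_addresses + 1,    # the subnet plus the external address
    }


def assignable(prefix: str, vm_ip: str) -> bool:
    """True only for addresses a VM interface may use."""
    net = ip_network(prefix, strict=True)
    addr = ip_address(vm_ip)
    reserved = (net.network_address, list(net.hosts())[0], net.broadcast_address)
    return addr in net and addr not in reserved


def vm_config(prefix: str, edge_external_ip: str, vm_ip: str) -> dict:
    """Static NIC settings for one VM; refuses the service addresses."""
    if not assignable(prefix, vm_ip):
        raise ValueError(f"{vm_ip} is a service address or outside {prefix}")
    plan = address_plan(prefix, edge_external_ip)
    return {"address": f"{vm_ip}/{ip_network(prefix).prefixlen}", "gateway": str(plan["gateway"])}


def smallest_prefix_for(vm_count: int) -> int:
    """Prefix length whose subnet leaves at least vm_count free addresses
    after the network, gateway and broadcast addresses are taken out."""
    for prefixlen in range(30, 7, -1):
        if 2 ** (32 - prefixlen) - 3 >= vm_count:
            return prefixlen
    raise ValueError("no single subnet of that size")
```

For the article's /30 the plan yields gateway 198.51.100.1, one free address 198.51.100.2 and five addresses in total; a /29 yields five free addresses and nine in total. smallest_prefix_for() is the planning step from the note above: two VMs already need a /29, six VMs a /28.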

To request a subnet, contact technical support and specify the desired prefix length (subnet size).

Note: the addressing of an existing Cloud Network cannot be changed. To change it, disconnect the network from all VMs, delete it, and create a new network with the correct addressing. This matters most for a network with globally routable IP addresses.

To minimise downtime when the subnet size or addressing has to change, plan the number of IP addresses in advance and order a subnet of the required size.

Option 6. Virtual router over NAT

To deploy your own virtual router in place of the Edge Gateway, you do not have to purchase a subnet of globally routable addresses: if your infrastructure permits, the router can sit behind NAT on the Edge Gateway. Traffic is then translated twice, once on the Edge Gateway and once on your router, so the limitations of NAT described in Option 5 (protocols that do not work correctly through NAT) apply.

An example is shown in the diagram below, with a Mikrotik CHR as the virtual router.

[diagram]
