Learn how to create, configure, and effectively manage your network (IP spaces, Edge gateways and providers, and private network) from the VCD on OVHcloud control panel.
Requirements
- a web browser
- a VMware Cloud Director on OVHcloud account with sufficient rights
- have read the VCD guides:
VMware Cloud Director - Network Concepts and Best Practices
VMware Cloud Director - The Fundamentals of VCD
VMware Cloud Director - Logging in to Your Organization
Instructions
Before creating a network, the main concept to understand with VMware Cloud Director is the IP space. For example, consider the default one created with your VCD organization:
- The internal scope represents the entire IP range of your future network, e.g. 192.168.0.0/24.
- IP ranges are IPs that you can request individually for your services (VMs not using DHCP, for example).
- IP prefixes are the IP subnet that you can use in your Edge Gateway, for example.
- IP ranges and IP prefixes cannot overlap and must be within the Internal Scope.
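The two rules above (ranges and prefixes must sit inside the internal scope and must not overlap) can be checked on a planned IP space before the values are entered in the wizard. The following Python script is an added example, not part of this guide or of VCD. The function names, the sample plans, the IPv4-only handling and the reading of a prefix count as consecutive blocks of the same size are assumptions.

```python
import ipaddress
from itertools import combinations

def range_interval(text):
    """'first-last' -> (first, last) as ints; ipaddress rejects stray spaces."""
    first, last = (int(ipaddress.IPv4Address(p)) for p in text.split("-"))
    if first > last:
        raise ValueError("range is reversed")
    return first, last

def prefix_intervals(cidr, count):
    """Assumed sequence semantics: `count` consecutive blocks of the same size."""
    net = ipaddress.IPv4Network(cidr)  # strict: host bits must be zero
    start, size = int(net.network_address), net.num_addresses
    return [(start + i * size, start + (i + 1) * size - 1) for i in range(count)]

def check_ip_space(internal_scopes, ranges, prefixes):
    """Return a list of problems; an empty list means both rules hold."""
    scopes = [ipaddress.IPv4Network(s) for s in internal_scopes]
    bounds = [(int(s.network_address), int(s.broadcast_address)) for s in scopes]
    items, problems = [], []
    for r in ranges:
        try:
            items.append((f"range {r}", *range_interval(r)))
        except ValueError as exc:
            problems.append(f"range {r!r} is malformed: {exc}")
    for cidr, count in prefixes:
        for n, (a, b) in enumerate(prefix_intervals(cidr, count), 1):
            items.append((f"prefix {cidr} #{n}", a, b))
    # Rule 1: every range and prefix lies inside one internal scope.
    for name, a, b in items:
        if not any(lo <= a and b <= hi for lo, hi in bounds):
            problems.append(f"{name} is outside the internal scope")
    # Rule 2: no range or prefix overlaps another one.
    for (n1, a1, b1), (n2, a2, b2) in combinations(items, 2):
        if a1 <= b2 and a2 <= b1:
            problems.append(f"{n1} overlaps {n2}")
    return problems

# Constructed sample plans; the addresses are illustrative only.
SCOPE = ["172.19.0.0/16"]
GOOD = check_ip_space(SCOPE, ["172.19.0.2-172.19.0.100"], [("172.19.2.0/23", 2)])
BAD = check_ip_space(SCOPE, ["172.19.0.2-172.19.0.100", "172.19.9.1 - 172.19.9.9"],
                     [("172.19.0.0/24", 1), ("10.0.0.0/23", 1)])

if __name__ == "__main__":
    print("good plan:", GOOD or "no problems")
    for p in BAD:
        print("bad plan:", p)
```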
Create the IP space (recommended)
To connect to your VCD environment, follow this guide.
Under the Networking section, select the IP Spaces tab and click New.
General
The Create IP Space window will appear, where you can choose a name for your space and add an optional description.
Click NEXT to continue.
Network Topology
Leave all options in the Network Topology section disabled (unchecked) and click NEXT to continue.
Scope
Choose the internal and external scopes with which you want to access your network. The IP ranges must correspond to the internal scope of this IP space (the range of IPs you want to make available for your machines).
- Internal Scope: Represents the IPs used in this local data center south of Provider Gateway. The IPs in this scope are used to configure services and networks.
- External Scope: Represents IPs used outside the data center north of Provider Gateway. This value is used when automatically generating default SNAT rules.
Click NEXT to continue.
IP Ranges
Click ADD. IP prefixes must match the internal scope of this IP space.
Example: 172.19.0.2-172.19.0.100.
Click NEXT to continue.
IP Prefixes
Click ADD.
Then, add your sequences and prefixes.
Example: 10.0.0.0/23 | 1.
You can increase or decrease the number of prefixes with the up/down arrows.
The resulting sequence is automatically displayed as a preview if it is valid.
Click NEXT to continue.
Review
In the final section, review all your settings. Once you have checked them, confirm your choices by clicking FINISH.
Create a data center group (optional)
This step is optional but recommended for the vast majority of use cases (e.g. when two VDC networks need to add up).
We will now create a data center group to optimize the management of our network with this new VCD feature.
Go to the Networking section, choose the Data Center Groups tab, and click NEW.
Starting VDC
Select a vDC that will be part of the group. When you select a startup vDC, you can create a group in which this vDC can participate. Then, click on NEXT.
General
Choose the name of your data center group and a short description, then click NEXT.
Participating VDCs
Select the additional vDCs that you want to be part of the group, then click NEXT.
Review
Check your settings and confirm them by clicking FINISH.
Create an Edge Gateway (optional)
We will now create an Edge Gateway so that our IP space can be accessed via the private network.
To access the Edge Gateways section, choose the Networking section, select the Edge Gateways tab, and click NEW.
Scope
Here, you will see the window for creating an Edge Gateway for your VCD environment:
You can then choose between Organization Virtual Data Center or Data Center Group.
- Organization Virtual Data Center: Provides connectivity for VMs in the selected vDC only.
- Data Center Group: Provides connectivity for the VMs of all vDCs participating in the data center group.
Choose Organization Virtual Data Center or Data Center Group to select the virtual data center in which you want to install your new Edge Gateway and click NEXT.
General
In the general section, give your edge gateway a name and description.
Activate the Use IP Spaces slider. This forces the use of IP spaces with the Provider Gateways and optimizes the application of new intelligent VCD network space management techniques.
Click on NEXT to continue.
Provider Gateways
In the Provider Gateways section, choose the default gateway for your vDC provider and click NEXT.
Edge Cluster
Choose the Edge Cluster option for creating the edge gateway.
The "Use the edge cluster of the provider Tier-0 Gateway" option means that the edge cluster of the selected Tier-0 provider gateway will be used to keep the shortest network path.
When you have chosen your settings, click NEXT.
Ready to Complete
Once you have added the settings, you can check that everything is correct and click FINISH.
Create a private network
We will now create a new network and attach our preconfigured settings.
Choose the Networking section, select the Networks tab, and click NEW.
Scope
- Organization Virtual Data Center: Provides connectivity for VMs in the selected vDC only.
- Data Center Group: Provides connectivity for the VMs of all vDCs participating in the data center group.
Select the Organization Virtual Data Center or the Data Center Group in which you want to create your network and click NEXT.
Network Type
Next, select the type of network you want to create.
You can create a routed or isolated network type to suit your needs. A routed network allows incoming traffic, while an isolated network forbids it.
VCD definition:
- Routed: This type of network provides controlled access to machines and networks outside of the vDC or vDC group through an edge gateway.
- Isolated: This type of network provides a fully isolated environment, accessible only by this organization's vDC or vDC group.
For a routed network, if your vDC does not have an Edge Gateway available, you will get this error: The vDC “vDC-FR-GRA-XXX-XXX” has no Edge Gateway available.
You can either create another "Edge Gateway" or use the "Data Center Groups" available to provide connectivity for the VMs of all participating vDCs.
The Routed type of network provides controlled access to machines and networks outside of the vDC or vDC group through an edge gateway.
To continue, click NEXT.
Edge Connection
In the Edge Connection section, you will see your previously created Edge gateway.
- Distributed Routing: Edge gateway must have non-distributed routing enabled.
This would disable distributed routing so that all VM traffic passes through the service router.
Choose your Edge Gateway by clicking on the radio button to the left of its name.
To continue, click NEXT.
General
In the general section, you can add the name of your network, a description, and the IP space created earlier.
If it has been created, it will automatically appear in the list (see the Gateway CIDR in the next screenshot).
Dual-Stack Mode: Enables the network to have one IPv4 subnet and one IPv6 subnet.
In this tutorial, we will leave this option disabled.
To continue, click NEXT.
Static IP Pools
Here, you can allocate your network’s IP range. In this example, we will allocate 98 IPs:
172.16.1.2-172.16.1.100
Once your IP range has been allocated, check that there is no space before or after the dash between the two IP addresses, or before and after the two IPs themselves.
To continue, click NEXT.
DNS
In this section, add the DNS servers for your network.
You can leave those used by default in the Hosted Private Cloud VMware on OVHcloud universe:
DNS | |
---|---|
Primary | 213.186.33.99 |
Secondary | not used |
Suffix | not used |
To continue, click NEXT.
Segment Profile Templates (Optional)
Segment profile templates can be defined here.
This can be used for advanced networking needs (e.g. with pfSense: Promiscuous mode).
There are three modes:
- Not defined (the mode in this guide)
- Allow-DHCP
- Promiscuous mode
Model details | Promiscuous mode |
---|---|
IP address discovery | NSX-T Default Segment Profile |
MAC Discovery | Promiscuous mode |
SpoofGuard | NSX-T Default Segment Profile |
Quality of service | NSX-T Default Segment Profile |
Segment Security | NSX-T Default Segment Profile |

Model details | Allow-DHCP |
---|---|
IP address discovery | NSX-T Default Segment Profile |
MAC Discovery | Promiscuous mode |
SpoofGuard | NSX-T Default Segment Profile |
Quality of service | NSX-T Default Segment Profile |
Segment Security | Allow-DHCP |
Custom segment profiles are required in some specific situations:
- MAC or IP learning must be enabled for nested environments.
- Custom security profiles to allow DHCP traffic from a network
- Enabling spoofing protection
Ready to Complete
Do a final check of the settings you defined, then click FINISH.
Go further
For more information and tutorials, please see our other VMware Cloud Director support guides or explore the guides for other OVHcloud products and services.