Learn about the fundamental principles of networking and network optimization within VMware Cloud Director on OVHcloud.
Requirements
- a web browser
- a VMware Cloud Director account with sufficient user rights
- have read our VMware Cloud Director - The Fundamentals of VCD guide
Introduction to networking within VCD
To ensure a flexible and secure network infrastructure in a versatile cloud environment, VMware Cloud Director uses a layered networking architecture that includes four categories of networks:
- External networks
- Organizational vDC networks
- Data center group networks
- vApp networks
Most of these networks require additional infrastructure elements such as Edge Gateways and Network Pools. These infrastructure elements can be accessed through the VCD Dashboard, which has a Network section with six tabs:
- Network
- Edge Gateways
- Provider Gateways
- IP Spaces
- Data Center Groups
- Security Tags
Additionally, each vDC has its own networking section, which can be found by:
- Selecting Data Centers from the top navigation bar.
- Clicking the name of your vDC.
- Choosing Networking in the left-hand menu and then choosing Network or Edges.
Network offers and features
VCD on OVHcloud networking capabilities
Here are the main network features offered with the VCD on OVHcloud solutions.
Features | Standard | Advanced | Premium | Comments |
---|---|---|---|---|
Routing & Switching IPv4 | ✅ | ✅ | ✅ | Not supported: OSPF, VRF Lite. |
Public IPv4 Range | ✅ | ✅ | ✅ | |
Private Network - vRack support | | | | In Roadmap |
Routing & Switching IPv6 | | | | In Roadmap |
VPN | ✅ | ✅ | | |
Load Balancing | | | | Not supported with native VCD network capabilities |
Advanced Load Balancing | | | | In Roadmap |
Advanced Network & Security | ✅ | ✅ | | |
vSAN Storage | ✅ | | | |
Concepts and best practices
Recommendations in network space design and administration
Design Recommendation | Design Justification | Design Involvement |
---|---|---|
Create one or more Edge Gateways (Level 1 Gateways) per organization vDC. | Enables networking services for the organization's vDC. | None. |
Create data center groups, if there is a need to have Org vDC networks spanning multiple Org vDC's in an organization. | Simplifies Org vDC cross-functional connectivity. | Requires creation of datacenter groups in the VCD tenant. |
Use the IP Spaces feature instead of traditional IP block addressing. | Note: The delivery of all IP Spaces features spans several phases. | None. |
The network within VCD (concept)
Organizational virtual data center (vDC) networks enable vApps/VMs to communicate with each other or with networks external to the organization.
Organization vDC networks provide direct or routed connections to external networks, or can be isolated from external networks and other organization vDC networks. Routed connections require an Edge Gateway and a network pool in the organization vDC.
A recently created organization vDC does not have any available networks.
The types of network supported within an organization's vDC are Direct, Isolated (Internal), and Routed.
- Direct:
  - An organization's vDC network that has a direct connection to one of the external networks provisioned by the system administrator and relies on vSphere resources.
  - Direct networks are supported for organization vDCs that rely on NSX. Direct networks are accessible by multiple organization vDCs. Virtual machines belonging to different organization vDCs can connect to this network and see its traffic.
  - A direct network provides direct Layer 2 connectivity to virtual machines outside of the organization vDC.
  - Virtual machines outside of this organization vDC can connect directly to the virtual machines inside the organization vDC.
  - Only OVHcloud can add a direct organization vDC network.
- Isolated (Internal):
  - Isolated networks can only be accessed from within the same organization vDC.
  - Only virtual machines located in this organization vDC can connect to the internal organization vDC network and see its traffic.
  - Isolated networks are supported for organization vDCs that rely on NSX or NSX Data Center for vSphere. The isolated organization vDC network provides an organization vDC with an isolated private network to which multiple virtual machines and vApps can connect.
  - This network does not provide connectivity to virtual machines outside of the organization vDC. Machines outside the organization vDC cannot connect to machines inside the organization vDC.
- Routed:
  - Routed networks can only be accessed from within the same organization vDC.
  - Only virtual machines inside this organization vDC can connect to this network.
  - This network also provides controlled access to an external network. As a system administrator or organization administrator, you can configure Network Address Translation (NAT), Firewall, and VPN settings to make certain virtual machines accessible from the external network.
  - Routed networks are supported for organization vDCs that rely on NSX or NSX Data Center for vSphere.
Network pools (concept)
A network pool is a set of isolated Layer 2 network segments that you can use to design vApp networks and various types of vDC networks to suit your requirements.
Network pools must be set up before organization vDC networks and vApp networks. In their absence, the only network option for an organization is to connect directly to an external network.
IP spaces (recommended)
You can use a new way to manage your IP space in VMware Cloud Director on OVHcloud with the new IP space management subsystem.
An Edge Gateway can only connect to provider gateways that use IP spaces.
An IP space consists of a set of non-overlapping IP address ranges and small CIDR blocks that are reserved and consumed throughout the lifecycle of the IP space. An IP space can be IPv4 or IPv6, but not both.
IP spaces were introduced in version 10.4.1 and are the recommended way to manage your network space needs.
There are two types of IP spaces that you can use as the Organization Administrator user:
- Public IP space: A public IP space is used by multiple organizations and is controlled by the Service Provider through a quota-based system.
- Private IP space: Private IP spaces are dedicated to a single tenant - a private IP space is used only by an organization specified when the IP space was created. For this organization, the consumption of IP addresses is unlimited.
Via the VCD Dashboard
To access the IP Spaces area of the VCD Dashboard, select the Network section and then the IP Spaces tab.
From there, you will see a left-side menu:
- Configuration
- General
- Network Topology
Network topologies are used to configure IP spaces so that they enable north-south traffic.
Default auto-configuration rules: Note that the internal and external scopes of an IP space must be configured if the default NAT rules are to be generated automatically. Default rules can be generated on Edge Gateways and Provider Gateways by manually triggering the "Automatic Configuration" action on them.
- Allocation
- Floating IPs
- IP Prefixes (recommended)
You can set an IP prefix for automatic or manual use and prevent VMware Cloud Director from randomly assigning it.
If you no longer use an IP prefix that has been allocated to your IP space, you can free it up in the pool.
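The following Python is an added example, not code from OVHcloud or VMware, that models the IP space rules stated above: a space holds non-overlapping ranges of a single address family, IP prefixes are carved out of it on request, a prefix that is no longer used is returned to the pool, and a public space enforces a per-organization quota while a private space does not. The `IPSpace` class, its method names and the `quota` parameter are assumptions made for this illustration; they are not the VCD API.

```python
"""Added example: a small model of IP space allocation rules.
Assumed names (not VCD internals): IPSpace, allocate_prefix, release_prefix,
quota. Built on the standard library only."""
import ipaddress


def validate_blocks(blocks):
    """Return None if the blocks form a valid IP space, else an error string.
    Rules modelled: one address family only, and no overlapping blocks."""
    try:
        nets = [ipaddress.ip_network(b, strict=True) for b in blocks]
    except ValueError as exc:
        return f"invalid block: {exc}"
    if len({n.version for n in nets}) > 1:
        return "an IP space can be IPv4 or IPv6, but not both"
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                return f"overlapping blocks: {a} and {b}"
    return None


class IPSpace:
    """quota=None models a private IP space (unlimited for its organization);
    an integer quota models a public IP space with a per-organization cap
    on the number of addresses it may consume."""

    def __init__(self, name, blocks, quota=None):
        error = validate_blocks(blocks)
        if error:
            raise ValueError(f"{name}: {error}")
        self.name = name
        self.blocks = [ipaddress.ip_network(b) for b in blocks]
        self.quota = quota
        self.allocated = {}  # prefix -> organization that holds it

    def usage(self, org):
        """Number of addresses currently held by one organization."""
        return sum(p.num_addresses for p, o in self.allocated.items() if o == org)

    def allocate_prefix(self, prefixlen, org):
        """Hand out the first free prefix of the requested length."""
        for block in self.blocks:
            if prefixlen < block.prefixlen:
                continue  # requested prefix is larger than this block
            for cand in block.subnets(new_prefix=prefixlen):
                if any(cand.overlaps(used) for used in self.allocated):
                    continue
                if self.quota is not None and \
                        self.usage(org) + cand.num_addresses > self.quota:
                    raise RuntimeError(f"{org}: quota of {self.quota} addresses exceeded")
                self.allocated[cand] = org
                return cand
        raise RuntimeError(f"{self.name}: no free /{prefixlen} prefix")

    def release_prefix(self, prefix):
        """Return a prefix to the pool once it is no longer used."""
        prefix = ipaddress.ip_network(prefix)
        if prefix not in self.allocated:
            raise KeyError(f"{prefix} is not allocated in {self.name}")
        del self.allocated[prefix]

    def free_addresses(self):
        total = sum(b.num_addresses for b in self.blocks)
        return total - sum(p.num_addresses for p in self.allocated)


def demo():
    """Walk a constructed public space (quota 32 addresses) through an
    allocate / release / reallocate cycle and return the prefixes seen."""
    # Constructed sample ranges from the documentation prefix 203.0.113.0/24.
    space = IPSpace("public-demo", ["203.0.113.0/26", "203.0.113.64/26"], quota=32)
    first = space.allocate_prefix(28, "org-a")
    second = space.allocate_prefix(28, "org-a")
    space.release_prefix(first)
    again = space.allocate_prefix(28, "org-a")  # the freed prefix is reused
    return {"first": str(first), "second": str(second), "again": str(again),
            "free": space.free_addresses(), "usage": space.usage("org-a")}


if __name__ == "__main__":
    print(demo())
```

Running the module prints the allocation cycle; the quota branch is what separates the public and private IP space types described above, and `validate_blocks` is the check to run on any range list before treating it as an IP space.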
Data center groups (recommended)
Data center group networks are a type of organizational vDC network that is shared between one or more vDCs and to which vApps can connect.
When creating a network, you can join your data center group, which will then provide connectivity to the vApps/VMs of all participating vDCs.
To access the Data Center Groups area of the VCD Dashboard, select the Network section and then the Data Center Groups tab.
You can also (optionally) synchronize them. This synchronization action will check all associated vDCs to ensure that they are always realized and correctly configured.
Create or import network into datacenter group (optional)
Edge gateways (required)
VCD Edge Gateway allows an organization vDC network to route connectivity to internal networks, network address translation (NAT), firewall, IPsec tunnel mounting,
- VCD supports: IPv4 and IPv6 Edge Gateways.
DHCP mode (optional)
DHCP automates the assignment of IP addresses to virtual machines connected to the organization's vDC networks.
Three modes are available:
- Network: A new DHCP service directly associated with this network is used to obtain the DHCP IPs. Use network mode if the network is isolated or if you plan to detach the network from the perimeter.
- Relay: DHCP messages are relayed from virtual machines to designated DHCP servers in your physical DHCP infrastructure.
- Gateway: The Edge Gateway DHCP service is used to obtain DHCP IPs.
vApp networks (concept)
vApp networks allow virtual machines to communicate with each other or, by connecting to an organizational vDC network, with virtual machines in other vApps.
Limitations
From a general point of view, the only limitations you will find within VCD on OVHcloud are related to its nature as a managed service: there is a little less granularity when it comes to low-level configuration.
This can affect some advanced networking features, although these features may be included in future phases.
IPsec VPN Limitations
- When adding an IPsec tunnel, the option to create a route-based IPsec session (route-based IPsec tunnel) is not supported within VCD on OVHcloud to date (see: Broadcom's official documentation).
Provider gateways limitations
- Provider gateways are clearly visible, but cannot be modified (like a managed service).
NSX limitations
- You do not have access to the NSX control panel for your Hosted Private VMware Cloud Director on OVHcloud.
Load Balancer limitations
- The features of Load Balancing within VCD on OVHcloud are not available at the moment.
IAM limitations
- IAM is not available within VMware Cloud Director on OVHcloud at this time.
Go further
To strengthen your network knowledge within the OVHcloud universe, visit our Network webpage.
For more information and tutorials, please see our other VMware Cloud Director support guides or explore the guides for other OVHcloud products and services.
If you need training or technical assistance to implement our solutions, contact your sales representative or click on this link to get a quote and ask our Professional Services experts for a custom analysis of your project.