Virtual data centers use the VMware vCloud Networking and Security Edge Gateway (called “the gateway” in this guide) to provide external network connectivity.

The following components comprise the default setup for networks and gateways in Virtual Private Cloud OnDemand. VMware manages the external network, which provides connectivity to the Internet. In Virtual Private Cloud OnDemand, customers create and manage their own networks (built on the embedded VXLAN technology).

Networking Components in Virtual Private Cloud OnDemand

When you create an account for the Virtual Private Cloud OnDemand service, VMware creates your first virtual data center (named VDC1 by default) for you, and adds a default gateway and a routed network to that virtual data center. You can log in to the Virtual Private Cloud OnDemand Web UI and create more virtual data centers, which adds a gateway to your public cloud for each one.

See Virtual Data Center Overview in the vCloud Air Virtual Private Cloud OnDemand User's Guide for information.

When you create an account for Virtual Private Cloud OnDemand, you are not allocated any public IP addresses. You can purchase public IP addresses at any time through the Virtual Private Cloud OnDemand Web UI by using the Public IPs tab for a gateway. See Allocation of IP Addresses for information.

By default, a gateway has the following properties:

Compact configuration

High availability disabled

Multi-interface mode enabled

A gateway supports 10 interfaces, but one interface is reserved for the connection to the external network. Each routed network attached to a gateway uses one of the remaining nine interfaces, so a gateway can serve at most nine routed networks. Isolated networks do not attach to a gateway interface, so you can configure an unlimited number of them.

When you create a virtual data center, it contains a routed network by default. You can add additional networks as needed. See Add a Network to a Virtual Data Center and Add a Network to a Gateway for information.

When creating a network, you create the network as one of the following types:

Routed: virtual machines on this network connect to the Internet through the gateway, once the gateway's firewall and NAT rules permit it.

To allow virtual machines on a routed network to connect to the Internet, you must also add NAT and firewall rules for external network connectivity. See Connect a Virtual Machine to the Internet for information.

Isolated: an internal network with no connection to the gateway; virtual machines on an isolated network are not reachable from, and cannot reach, the Internet.

By default, Virtual Private Cloud OnDemand creates a routed network when you create a virtual data center. Virtual Private Cloud OnDemand configures this auto-generated routed network with the following properties:

Connects to the gateway, whose public IP address is the only address the network is reachable through from the Internet

Has the default gateway IP address 192.168.12.1

Has the subnet mask 255.255.255.0

Has an IP address pool in the range 192.168.12.100–192.168.12.200

Has the following networking services enabled or disabled by default:

Firewall: enabled; deny all traffic

DHCP: disabled

NAT: disabled

Static routing: disabled

VPN: disabled

Load balancing: disabled

When you add routed networks to a virtual data center, you must specify the default gateway IP address and the IP address range for virtual machines attached to the network.

Important

When you first add a routed network in Virtual Private Cloud OnDemand, virtual machines added to that network are neither reachable from the Internet nor able to connect to it. By default, gateways are deployed with firewall rules that deny all network traffic to and from the virtual machines on the gateway networks. NAT is also disabled by default, so the gateway does not translate the private addresses of incoming or outgoing traffic. Both settings must change before traffic flows: you must add a firewall rule that allows the traffic and a NAT rule that translates it (an allow rule alone, or a NAT rule alone, is not enough). See Add a Firewall Rule and Add a NAT Rule for information.
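The following Python model makes the note above concrete. It is an added example, not VMware code, and it does not call the vCloud API: it simulates the decision a gateway with the page's default settings makes for a packet leaving or entering the auto-generated routed network, then shows the minimum additions (an allow rule plus an SNAT rule; a DNAT rule plus a narrow allow rule for inbound) that let traffic flow. The subnet, default gateway and pool values are the page's defaults; the rule schema, the firewall/NAT evaluation order and the public IP 203.0.113.10 are assumptions made for illustration.

```python
"""Model of the default gateway posture for a routed network.

Added illustration, not VMware code and not the vCloud API. Subnet, default
gateway and pool values are the page's defaults; the rule schema, evaluation
order and the public IP 203.0.113.10 (RFC 5737 documentation range) are
assumptions of this model.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple, Union

ROUTED_SUBNET = ipaddress.ip_network("192.168.12.0/24")
DEFAULT_GATEWAY_IP = ipaddress.ip_address("192.168.12.1")
POOL_START = ipaddress.ip_address("192.168.12.100")
POOL_END = ipaddress.ip_address("192.168.12.200")
PUBLIC_IP = "203.0.113.10"  # assumed: a public IP purchased for the gateway


def _in(ip: str, spec: str) -> bool:
    """True if ip falls inside spec, where spec is "any", a CIDR or a single IP."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def in_pool(ip: str) -> bool:
    """Is ip a VM address from the auto-generated routed network's pool?"""
    a = ipaddress.ip_address(ip)
    return a in ROUTED_SUBNET and POOL_START <= a <= POOL_END


@dataclass
class FirewallRule:
    policy: str                        # "allow" or "deny"
    source: str = "any"                # CIDR, single IP or "any"
    destination: str = "any"
    dst_port: Union[int, str] = "any"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (_in(src, self.source) and _in(dst, self.destination)
                and self.dst_port in ("any", port))


@dataclass
class NatRule:
    kind: str        # "SNAT" (VM -> Internet) or "DNAT" (Internet -> VM)
    original: str    # address(es) before translation
    translated: str  # address after translation


@dataclass
class Gateway:
    # Page defaults: firewall enabled with deny-all, NAT disabled, no rules.
    firewall_enabled: bool = True
    firewall_rules: List[FirewallRule] = field(default_factory=list)
    nat_enabled: bool = False
    nat_rules: List[NatRule] = field(default_factory=list)


def firewall_verdict(gw: Gateway, src: str, dst: str, port: int) -> str:
    """First matching rule wins; with no match the default deny applies."""
    if not gw.firewall_enabled:
        return "allow"
    for rule in gw.firewall_rules:
        if rule.matches(src, dst, port):
            return rule.policy
    return "deny"


def egress(gw: Gateway, src: str, dst: str, port: int) -> Tuple[str, str]:
    """VM -> Internet. Assumed order: firewall on the private source, then SNAT."""
    if firewall_verdict(gw, src, dst, port) != "allow":
        return ("DROP", "firewall: no allow rule matches, default deny")
    if not gw.nat_enabled:
        return ("DROP", "NAT disabled: private source address cannot leave the gateway")
    for rule in gw.nat_rules:
        if rule.kind == "SNAT" and _in(src, rule.original):
            return ("FORWARD", f"source {src} translated to {rule.translated}")
    return ("DROP", "NAT enabled but no SNAT rule covers the source address")


def ingress(gw: Gateway, src: str, dst_public: str, port: int) -> Tuple[str, str]:
    """Internet -> VM. Assumed order: DNAT first, then firewall on the private target."""
    if not gw.nat_enabled:
        return ("DROP", "NAT disabled: public address is not translated to any VM")
    targets = [r.translated for r in gw.nat_rules
               if r.kind == "DNAT" and _in(dst_public, r.original)]
    if not targets:
        return ("DROP", "no DNAT rule for the public address")
    if firewall_verdict(gw, src, targets[0], port) != "allow":
        return ("DROP", f"firewall: {targets[0]}:{port} not allowed inbound")
    return ("FORWARD", f"{dst_public} translated to {targets[0]}")


def internet_enabled_gateway() -> Gateway:
    """Constructed configuration: the minimum on top of the defaults for outbound
    access, plus a narrow inbound rule exposing only SSH on one VM."""
    gw = Gateway(nat_enabled=True)
    gw.nat_rules.append(NatRule("SNAT", str(ROUTED_SUBNET), PUBLIC_IP))
    gw.firewall_rules.append(FirewallRule("allow", source=str(ROUTED_SUBNET)))
    gw.nat_rules.append(NatRule("DNAT", PUBLIC_IP, "192.168.12.100"))
    gw.firewall_rules.append(FirewallRule("allow", destination="192.168.12.100", dst_port=22))
    return gw


if __name__ == "__main__":
    for name, gw in (("default", Gateway()), ("configured", internet_enabled_gateway())):
        print(name, "egress:", egress(gw, "192.168.12.100", "198.51.100.7", 443))
        print(name, "ingress:", ingress(gw, "198.51.100.7", PUBLIC_IP, 22))
```

Running the script shows the default gateway dropping both directions and the configured one forwarding them. The model also shows why a firewall allow rule by itself changes nothing: with NAT still disabled the packet is dropped at the translation step, which is the failure mode the note warns about. Keep the inbound allow rule scoped to the translated VM address and port rather than "any", so that enabling NAT does not also expose the whole subnet.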

An isolated network has an internal IP address range and subnet of its own. Virtual machines attached to an isolated network communicate only with each other.

Most often, you connect your virtual machines to a routed network; however, you might connect virtual machines to an isolated network as shown in the following examples:

To isolate your log servers or database servers from direct Internet traffic

To run internal only applications or virtual machines such as applications under development

When you add an isolated network to a virtual data center, you must specify all of its network settings yourself; no defaults are supplied. DHCP is disabled by default. (NAT, VPN, firewall rules, static routing, and DNS services are not applicable to isolated networks, because an isolated network is not connected to a gateway.)

The following table summarizes the default configuration for gateways and networks.

Summary of Default Settings for Gateways and Networks in Virtual Private Cloud OnDemand

FEATURE                              DEFAULT SETTINGS
Networking Resources                 Logically separated
Gateways                             1 per virtual data center
Available Gateway Interfaces         9 per gateway
Bandwidth                            10 Mbps allocated and 50 Mbps burstable
Public IP Addresses                  None
Available Networks on First Log In   Routed

FEATURE                              ROUTED NETWORK                               ISOLATED NETWORK
Available Networking Services        Firewall: enabled; deny all traffic          DHCP: disabled
                                     DHCP: disabled
                                     NAT: disabled
                                     Static routing: disabled
                                     VPN: disabled
                                     Load balancing: disabled
Internet Access                      Yes, through the gateway public IP address   No
IP Address for the Default Gateway   192.168.12.1                                 Specified when you add the network
Subnet                               192.168.12.0/24                              Specified when you add the network