A Virtual Infrastructure Administrator or Network Administrator can create networks in a VDC. Any VDC can support an isolated network. A VDC must be provisioned with an Edge Gateway to support a routed network.

A vApp network is a logical network that controls how the virtual machines in a vApp connect to each other and to organization VDC networks. End users can create and update vApp networks and connect them to organization VDC networks. See About vApp Networks.

An organization VDC network allows virtual machines in the organization VDC to communicate with each other and to access other networks through an Edge Gateway.

A routed organization VDC network connects to other networks through the Edge Gateway created when the VDC was instantiated. If the VDC was instantiated from a template that does not include an Edge Gateway, it cannot contain a routed network. After a Virtual Infrastructure Administrator creates a VDC that includes an Edge Gateway, a Virtual Infrastructure Administrator or Network Administrator can create and manage routed networks in that VDC.

An isolated organization VDC network does not require an Edge Gateway. After a Virtual Infrastructure Administrator creates a VDC, a Virtual Infrastructure Administrator or Network Administrator can create and manage isolated networks in that VDC whether or not it contains an Edge Gateway.

Most types of organization VDC networks do not provide any network services. Isolated organization VDC networks can specify a DhcpPoolService, which provides DHCP addresses from several pools of IP address ranges. All other services, such as NAT, firewall, and load balancing, are configured by a Virtual Infrastructure Administrator or Network Administrator on the Edge Gateway to which the network connects.

By default, only virtual machines in the organization VDC that contains the network can use it. When you create an organization VDC network, you can specify that it is shared. A shared organization VDC network can be used by all virtual machines in all VDCs in the organization.

An Edge Gateway provides a routed connection between an organization VDC network and an external network. It can provide any of the following services, defined in the GatewayFeatures element of the Edge Gateway's Configuration.

FirewallService

Specifies firewall rules that, when matched, block or allow incoming or outgoing network traffic. See Firewall Service Configurations.

GatewayDhcpService

Provides DHCP services to virtual machines on the network. A variant of this service, DhcpService, is intended to provide DHCP services in vApp networks. See Gateway DHCP Service Configurations.

GatewayIpsecVpnService

Defines one or more virtual private networks that connect an Edge Gateway to another network in or outside of the cloud.

LoadBalancerService

Distributes incoming requests across a set of servers. See Load Balancer Service Configurations.

NatService

Provides network address translation services to computers on the network.

StaticRoutingService

Specifies static routes to other networks. See Static Routing Service Configurations.

For an example of adding services to an Edge Gateway, see Configure Edge Gateway Services.

For an example of how to see which IP addresses are currently in use in rules for an Edge Gateway, see Retrieve a List of an Edge Gateway's IP Addresses and Their Usage Status.
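The following Python example is added here and is not from the original documentation or the product's own code: it parses an Edge Gateway configuration document, reports which of the services listed above are present and enabled, and notes when the firewall is off while other services are active. The sample XML is constructed; the namespace and the IsEnabled and DefaultAction child elements (with the value allow) are assumptions not stated on this page.

```python
import xml.etree.ElementTree as ET

# Service element names exactly as listed on this page.
SERVICES = ("FirewallService", "GatewayDhcpService", "GatewayIpsecVpnService",
            "LoadBalancerService", "NatService", "StaticRoutingService")

# Constructed sample, not captured from a real gateway. The namespace and the
# IsEnabled / DefaultAction children are assumptions, not taken from this page.
SAMPLE = """<GatewayFeatures xmlns="http://www.vmware.com/vcloud/v1.5">
  <FirewallService><IsEnabled>false</IsEnabled>
    <DefaultAction>allow</DefaultAction></FirewallService>
  <NatService><IsEnabled>true</IsEnabled></NatService>
  <GatewayIpsecVpnService><IsEnabled>true</IsEnabled></GatewayIpsecVpnService>
  <StaticRoutingService><IsEnabled>false</IsEnabled></StaticRoutingService>
</GatewayFeatures>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def inventory(xml_text):
    """Map each service found to its enabled flag and default action."""
    found = {}
    # Matching on local names keeps this independent of the container element.
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) in SERVICES:
            kids = {_local(c.tag): (c.text or "").strip().lower() for c in el}
            found[_local(el.tag)] = {"enabled": kids.get("IsEnabled") == "true",
                                     "default_action": kids.get("DefaultAction")}
    return found


def findings(inv):
    """Return review notes for a gateway service inventory."""
    notes = []
    fw = inv.get("FirewallService")
    if not (fw and fw["enabled"]):
        active = sorted(s for s, v in inv.items()
                        if v["enabled"] and s != "FirewallService")
        notes.append("FirewallService absent or disabled; active services: "
                     + (", ".join(active) or "none"))
    elif fw["default_action"] == "allow":
        notes.append("FirewallService default action is allow")
    return notes


if __name__ == "__main__":
    for note in findings(inventory(SAMPLE)):
        print(note)
```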

External networks and network pools are system resources managed by vCloud Air administrators. All VDCs include a network pool.