A VMware Cloud Director external network provides an uplink interface that connects networks and virtual machines in the system to a network outside of the system, such as a VPN, a corporate intranet, or the public Internet. Only a system administrator can create an external network.

If you have more than one vCenter Server instance registered to the system, you can create multiple external networks, each backed either by a vSphere network, an NSX segment that is configured either with a VLAN or an overlay transport zone.

VMware Cloud Director supports IPv4 and IPv6 external networks. Dual-stack external networks are not supported.

Note: The range of IP addresses that you define when you create the external network are allocated either to an edge gateway or to the virtual machines that are directly connected to the network. Because of this, the IP addresses must not be used outside of VMware Cloud Director.

External Networks Backed by vSphere Networks

This type of external networks can be backed either by a single vSphere network, or by multiple vSphere networks.

  • External networks backed by a single vSphere instance.

    To provide each consumer of the external network with a non-overlapping set of IP addresses on the vSphere network, the system administrator must configure the IP ranges on the underlying VLAN manually.

  • External networks backed by multiple vSphere networks.

    An external network can be backed by multiple vSphere networks. This approach can simplify the IP address management in VMware Cloud Director. You can modify the properties of an external network to change its network backings.

    External networks backed by multiple vSphere networks have several constraints.

    • A network can have at most one backing vSphere network on each VMware Cloud Director instance registered to the system.
    • All backing network switches must be of the same type, either vSphere Distributed Switch or standard switch.
    • Each network must be on a different switch.

External networks backed by an NSX Segment

An external network can be backed by an imported NSX segment that is configured either with a VLAN or an overlay transport zone. In NSX, segments are virtual layer 2 domains. A segment was earlier called a logical switch.

Tier-0 Gateways

This information is relevant for VMware Cloud Director 10.4 and earlier versions. If you are using VMware Cloud Director 10.4.1, see Provider Gateways.

You can add an external network that is backed by an imported NSX tier-0 gateway. You can also create an external network that is backed by a VRF-lite tier-0 gateway in NSX.

A virtual routing and forwarding (VRF) gateway is created from a parent tier-0 gateway. It has its own routing tables.

Multiple VRF gateways can exist within the same tier-0 gateway at the same time. Because of that, adding a VRF-backed tier-0 gateway makes possible the creation of a fully routed network topology in a VDC by scaling out a tier-0 gateway in NSX.

For information about VRF gateways, see NSX Administration Guide.