To control the access to an external network, you can add a routed organization VDC network. System administrators and organization administrators can configure network address translation (NAT), firewall, and VPN settings to make specific virtual machines accessible from the external network.

You can add a mix of routed and isolated organization VDC networks to meet the needs of your organization. For example, you can add a network that is associated with an edge gateway and connected to the Internet, while having an isolated network that contains sensitive information.

Prerequisites

Verify that you are logged in as an organization administrator or a role with equivalent set of rights.

Procedure

  1. In the top navigation bar, click Networking.
  2. On the Networks tab, click New.
  3. On the Scope page, select Organization Virtual Data Center, select a VDC in which to create the network, and click Next.
  4. On the Select Network Type page, select Routed and click Next.
  5. On the Edge Connection page, select an edge gateway with which to associate the organization VDC network.
    If the organization VDC includes more than one edge gateway, you must select an edge gateway for this network to connect to. To support another routed network, the edge gateway must show a value of at least 1 in the # Available Networks column.
  6. (Optional) If the VDC in which you create the network is backed by NSX and if the edge gateway to which you connect the network is configured to use non-distributed routing, deactivate distributed routing.
    When you deactivate distributed routing for an organization VDC network, you connect the network directly to a tier-1 service router, forcing all VM traffic for the network through the service router.
  7. (Optional) If you are using VMware Cloud Director 10.5 with NSX and IP spaces, and if you want to fully route the new network and advertise it to external networks, toggle on the Route Advertisement option and click Next.
    If you are using VMware Cloud Director 10.5.1, you can enable route advertisement by editing the network connection settings after its creation.
  8. If the VDC in which you create the network is backed by NSX Data Center for vSphere, select the interface type from the drop-down menu.
    Option Description
    Internal Connects to one of the Edge gateway's internal interfaces.

    The maximum number of networks that are allowed is 9.

    Distributed Creates the network on a distributed logical router connected to this edge gateway.

    The maximum number of networks that are allowed is 400.

    Subinterface Extends an organization VDC network. VMware Cloud Director identifies the network to use to extend through L2 VPN.

    VMware Cloud Director, with the help of NSX network virtualization, creates a trunk interface type for this network. The maximum number of networks that are allowed is 200.

  9. (Optional) If the VDC in which you create the network is backed by NSX Data Center for vSphere, toggle on the Guest VLAN Allowed option to enable tagging of guest VLANs on this network.
  10. Click Next.
  11. Enter a name and, optionally, a description for the network.
  12. (Optional) To enable dual-stack networking, turn on the Dual-Stack Mode toggle.
    Dual-stack mode enables the network to have both IPv4 and IPv6 subnets.
    Note: Enabling dual-stack networking mode is irreversible.
  13. Enter the Classless Inter-Domain Routing (CIDR) settings for the network.
    • If you are using IP spaces, select an IP space from the drop-down menu and a subnet prefix.
    • If you are not using IP spaces, enter a CIDR in the format network_gateway_IP_address/subnet_prefix_length, for example, 192.167.1.1/24.
  14. (Optional) If the VDC in which you create the network is backed by NSX Data Center for vSphere, toggle on the Shared option to make the organization VDC network available to other organization VDCs within the same organization.
    Note: The Organization VDCs must share the same network pool.
    One potential use case is when an application within an Organization VDC has a reservation or allocation pool set as the allocation model. In this case, it might not have enough room to run more virtual machines. As a solution, you can create a secondary Organization VDC with pay-as-you-go and run more virtual machines on that network on a temporary basis.
    Note: If the VDC in which you add the network is backed by NSX, you can share this network by adding it to a data center group.
  15. Click Next.
  16. (Optional) To reserve one or more IP addresses for assignment to virtual machines that require static IP addresses, configure the Static IP Pools for the network.
    1. Enter the IP address or range of IP addresses, and click Add.
      To add multiple static IP addresses or ranges, repeat this step.
    2. (Optional) To modify or remove IP addresses and ranges, click Modify or Remove.
  17. Click Next.
  18. (Optional) Configure the DNS settings.
    Option Action
    Primary DNS Enter the IP address for your primary DNS server.
    Secondary DNS Enter the IP address for your secondary DNS server.
    DNS Suffix Enter your DNS suffix.

    The DNS suffix is the DNS name without including the host name.

  19. Click Next.
  20. (Optional) If the network is backed by NSX, select a template that defines a set of custom segment profiles to be applied on the network and click Next.
  21. Review your settings and click Finish.