An organization VDC network with a routed connection provides controlled access to machines and networks outside of the organization VDC. System administrators and organization administrators, or Virtual Infrastructure Administrators and Network Administrators, can configure network address translation (NAT) and firewall settings on the Edge Gateway to make specific virtual machines in the VDC accessible from an external network.

You can create an IPv4 or IPv6 routed network.

Prerequisites

  • This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights. Verify that you are logged in to the vCloud Air Compute Service as an Account Administrator.

Procedure

  1. Retrieve the list of Edge Gateways in the organization VDC in which you plan to create the routed network.
    You can use a query like this one, where href is the value of the href attribute of your organization VDC:
    https://vcloud.example.com/api/query?type=edgeGateway&format=records&filter=vdc==href
    If this organization VDC does not contain any Edge Gateways, or does not contain an Edge Gateway that has the configuration you want, a system administrator can create a new Edge Gateway. See Create an Edge Gateway.
  2. Choose an Edge Gateway that has interface capacity available.
    An Edge Gateway can support a maximum of nine internal and external interfaces. At least one of those interfaces is typically consumed by a connection to an external network. Creation of a routed organization VDC network requires the Edge Gateway to have an unused interface available for the new network. To see how many interfaces each Edge Gateway in your organization VDC is using, you can run the query shown in Step 1, then add the values of the numberOfExtNetworks and numberOfOrgNetworks attributes. If the total is less than 9, the Edge Gateway can accommodate a new routed organization VDC network.
  3. Retrieve a reference to the Edge Gateway in the organization VDC in which you plan to create the routed network.
    You can use a query like this one, where href is the value of the href attribute of your organization VDC:
    https://vcloud.example.com/api/query?type=edgeGateway&format=records&filter=vdc==href
    An organization VDC can contain at most one EdgeGateway. If this organization VDC does not contain an Edge Gateway, you cannot create a routed organization VDC network in it.
  4. Create an OrgVdcNetwork element.
    1. Specify a value of natRouted in the FenceMode element of the network Configuration.
      You can specify additional Configuration parameters, as noted in the schema reference.
    2. Specify the href of the Edge Gateway you chose in Step 2, which is this VDC's Edge Gateway, in the EdgeGateway element.
  5. POST the OrgVdcNetwork element to the URL for adding networks to the organization VDC.
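
A pre-flight sketch of Steps 1, 2 and 4 in Python, added here as an illustration and not taken from the product documentation: it sums numberOfExtNetworks and numberOfOrgNetworks from a constructed query result to find a gateway under the nine-interface limit, then builds an IPv4 OrgVdcNetwork body to POST in Step 5. The record element name, the sample values, the function names, the subnet checks and the default of IsShared set to false are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = "http://www.vmware.com/vcloud/v1.5"
ET.register_namespace("", NS)  # emit a default xmlns, as in the page's request
MAX_INTERFACES = 9  # internal + external interface limit from Step 2

# Constructed sample of a Step 1 query result (record names and counts are made up).
SAMPLE_RECORDS = """<QueryResultRecords xmlns="http://www.vmware.com/vcloud/v1.5">
  <EdgeGatewayRecord name="fullEdge" numberOfExtNetworks="1" numberOfOrgNetworks="8"
      href="https://vcloud.example.com/api/admin/edgeGateway/1000"/>
  <EdgeGatewayRecord name="theEdge" numberOfExtNetworks="1" numberOfOrgNetworks="3"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000"/>
</QueryResultRecords>"""

def q(tag):
    return f"{{{NS}}}{tag}"

def gateways_with_capacity(records_xml):
    """Return (href, free_interfaces) for every gateway below the interface limit."""
    free = []
    for rec in ET.fromstring(records_xml).iter():
        if "numberOfExtNetworks" in rec.attrib:
            used = int(rec.get("numberOfExtNetworks")) + int(rec.get("numberOfOrgNetworks"))
            if used < MAX_INTERFACES:
                free.append((rec.get("href"), MAX_INTERFACES - used))
    return free

def build_routed_network(name, gw_href, gateway, netmask, start, end, shared=False):
    """Build an IPv4 OrgVdcNetwork body; reject pools outside the gateway subnet."""
    subnet = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    gw, lo, hi = (ipaddress.ip_address(a) for a in (gateway, start, end))
    if lo not in subnet or hi not in subnet or lo > hi:
        raise ValueError("IP range is not inside the gateway subnet")
    if lo <= gw <= hi:
        raise ValueError("IP range contains the gateway address")
    net = ET.Element(q("OrgVdcNetwork"), name=name)
    cfg = ET.SubElement(net, q("Configuration"))
    scope = ET.SubElement(ET.SubElement(cfg, q("IpScopes")), q("IpScope"))
    for tag, text in (("IsInherited", "false"), ("Gateway", gateway), ("Netmask", netmask)):
        ET.SubElement(scope, q(tag)).text = text
    rng = ET.SubElement(ET.SubElement(scope, q("IpRanges")), q("IpRange"))
    ET.SubElement(rng, q("StartAddress")).text = start
    ET.SubElement(rng, q("EndAddress")).text = end
    ET.SubElement(cfg, q("FenceMode")).text = "natRouted"
    ET.SubElement(net, q("EdgeGateway"), href=gw_href)
    # Assumed default: share across the organization's VDCs only when asked to.
    ET.SubElement(net, q("IsShared")).text = "true" if shared else "false"
    return ET.tostring(net, encoding="unicode")
```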

Results

The server takes the requested action and returns an XML representation of the partially-created object. This representation includes an href attribute, properties specified in the creation request, and an embedded Task element that tracks the creation of the object. When the task completes, the object has been created, and you can use the value of the href attribute with a GET request to retrieve the XML representation of the object.

See the response portion of Create an Organization VDC Network With a Routed Connection.

Example: Create an Organization VDC Network With a Routed Connection

This example adds a routed network to the organization VDC created in Add a VDC to an Organization, a VDC that contains an Edge Gateway. The network connects through the Edge Gateway created in Create an Edge Gateway. Because the creation request sets the value of the IsShared element to true, the new network is made available in all VDCs in this organization.

Request:
POST https://vcloud.example.com/api/admin/vdc/44/networks
Content-Type: application/vnd.vmware.vcloud.orgVdcNetwork+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<OrgVdcNetwork
   name="RoutedOVDCNet"
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <Description>Routed through an Edge Gateway</Description>
   <Configuration>
      <IpScopes>
         <IpScope>
            <IsInherited>false</IsInherited>
            <Gateway>192.168.0.1</Gateway>
            <Netmask>255.255.255.0</Netmask>
            <Dns1>10.147.115.1</Dns1>
            <DnsSuffix>example.com</DnsSuffix>
            <IpRanges>
               <IpRange>
                  <StartAddress>192.168.0.100</StartAddress>
                  <EndAddress>192.168.0.199</EndAddress>
               </IpRange>
            </IpRanges>
         </IpScope>
      </IpScopes>
      <FenceMode>natRouted</FenceMode>
   </Configuration>
   <EdgeGateway
      href="https://vcloud.example.com/api/admin/edgeGateway/2000" />
   <IsShared>true</IsShared>
</OrgVdcNetwork>

Response:
201 Created
Content-Type: application/vnd.vmware.vcloud.orgVdcNetwork+xml
...
<OrgVdcNetwork
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="RoutedOVDCNet"
   type="application/vnd.vmware.vcloud.orgVdcNetwork+xml"
   href="https://vcloud.example.com/api/admin/network/59" ...>
   <Link
      rel="edit"
      type="application/vnd.vmware.vcloud.orgVdcNetwork+xml"
      href="https://vcloud.example.com/api/admin/network/59" />
   <Link
      rel="remove"
      href="https://vcloud.example.com/api/admin/network/59" />
   <Link
      rel="up"
      type="application/vnd.vmware.admin.vdc+xml"
      href="https://vcloud.example.com/api/admin/vdc/44" />
   <Link
      rel="down"
      type="application/vnd.vmware.vcloud.metadata+xml"
      href="https://vcloud.example.com/api/admin/network/59/metadata" />
   <Link
      rel="down"
      type="application/vnd.vmware.vcloud.allocatedNetworkAddress+xml"
      href="https://vcloud.example.com/api/admin/network/59/allocatedAddresses/" />
   <Description>Routed through an Edge Gateway</Description>
   <Tasks>
      <Task
         status="running"
         ...
         operation="Creating Network RoutedOVDCNet(59)"
         ...
         href="https://vcloud.example.com/api/task/999">
      </Task>
   </Tasks>
   <Configuration>
      ...
      <RetainNetInfoAcrossDeployments>false</RetainNetInfoAcrossDeployments>
   </Configuration>
   <EdgeGateway
      type="application/vnd.vmware.admin.edgeGateway+xml"
      name="theEdge"
      href="https://vcloud.example.com/api/admin/edgeGateway/2000" />
   <IsShared>true</IsShared>
</OrgVdcNetwork>

Note:

When the Task completes, the new network is represented in the EdgeGateway by a GatewayInterface whose InterfaceType is Internal. Unlike the Uplink interface that you create when you create an EdgeGateway, an internal interface cannot be created explicitly. It is created only as a side-effect of creating a routed organization VDC network.