Network segments are logical networks for use by workload VMs in the SDDC compute network.

VMware Cloud on AWS GovCloud supports three types of network segments: routed, extended and disconnected.
  • A routed network segment (the default type) has connectivity to other logical networks in the SDDC and, through the SDDC firewall, to external networks.
  • An extended network segment extends an existing L2VPN tunnel, providing a single IP address space that spans the SDDC and an on-premises network.
  • A disconnected network segment has no uplink and provides an isolated network accessible only to VMs connected to it. You can also create disconnected segments yourself and convert them to other segment types.

See VMware Configuration Maximums for limits on segments per SDDC and network connections per segment.

A Single Host Starter SDDC is created with a single routed network segment named sddc-cgw-network-1. Multi-host SDDCs are created without a default network segment, so you must create at least one for your workload VMs. When you create a segment, you start by configuring some basic parameters and specifying how DHCP requests are handled on the segment. After the segment has been created, you can take additional, optional steps to specify segment profiles and create DHCP static bindings.

Procedure

  1. Log in to VMware Cloud on AWS GovCloud at https://www.vmc-us-gov.vmware.com/.
  2. Click Networking & Security > Segments.

    To create a new segment, click ADD SEGMENT and give the new segment a Name and optional Description.

    To delete or modify a segment, click its ellipsis button and select Edit. You can modify all segment properties, including segment type. You can also edit or delete the segment's DHCP configuration.
    Important: You cannot deactivate or delete a segment of any type if it has attached VMs or VIFs. Disconnect attached VMs and VIFs before deleting the segment.
  3. Specify a segment Type and fill in the required configuration parameters.
    Parameter requirements depend on the segment type.
    Table 1. Routed Segment Configuration Parameters
    Parameter | Value
    VPN Tunnel ID | N/A for Routed or Disconnected segment types.
    Subnets | Specify an IPv4 CIDR block for the segment. The block must not overlap your management network, any of the CIDR blocks listed in NSX-T Networking Concepts, or any of the subnets in your connected Amazon VPC. If any part of the block is in a public IP space, it must be in one that has been allocated for your use by IANA or another regional internet registry.
    SET DHCP CONFIG | Routed segments default to using the Compute Gateway DHCP server. Per-segment DHCP configuration, including DHCP relay, can be specified when you create or update the segment. See Configure Segment DHCP Properties.
    Domain Name | (Optional) Enter a fully qualified domain name. Static bindings on the segment automatically inherit this domain name.
    Tags | See Add Tags to an Object in the NSX-T Data Center Administration Guide for more information about tagging NSX-T objects.

    Table 2. Extended Segment Configuration Parameters
    Parameter | Value
    VPN Tunnel ID | Specify the tunnel ID of an existing L2VPN tunnel. N/A for Routed or Disconnected segment types. If you have not already created an L2VPN, see Configure a Layer 2 VPN Tunnel in the SDDC.
    Subnets | N/A for Extended segments.
    Domain Name | (Optional) Enter a fully qualified domain name. Static bindings on the segment automatically inherit this domain name.
    Tags | See Add Tags to an Object in the NSX-T Data Center Administration Guide for more information about tagging NSX-T objects.

    Table 3. Disconnected Segment Configuration Parameters
    Parameter | Value
    VPN Tunnel ID | N/A for Routed or Disconnected segment types.
    Subnets | Specify an IPv4 CIDR block for the segment. The block must not overlap your management network, any of the CIDR blocks listed in NSX-T Networking Concepts, or any of the subnets in your connected Amazon VPC. If any part of the block is in a public IP space, it must be in one that has been allocated for your use by IANA or another regional internet registry.
    Domain Name | (Optional) Enter a fully qualified domain name. Static bindings on the segment automatically inherit this domain name.
    Tags | See Add Tags to an Object in the NSX-T Data Center Administration Guide for more information about tagging NSX-T objects.

  4. Click SAVE to create or update the segment.
    Click YES if you want to continue with segment configuration. If you click NO, you can edit the segment later if you need to.
    The system creates the requested segment. This operation can take up to 15 seconds to complete. When the segment Status transitions to Up, the segment is ready for use. If the segment Status is Down, you can click the information icon for more information about the cause of the problem.
  5. (Optional) Click SEGMENT PROFILES to view segment profiles for the segment.
    Segment profiles specify Layer 2 networking configuration details for segments and segment ports. A set of default segment profiles is applied to every new segment. Segment profiles are read-only for VMware Cloud on AWS GovCloud.
  6. (Optional) Configure DHCP STATIC BINDINGS.
    1. Click Set to specify static bindings for VMs on the segment.
      Click ADD IPV4 STATIC BINDING, then give the binding a Name and specify an IPv4 address included in the segment and a MAC address. When a VM with the specified MAC address is powered on and connected to the segment, it receives the specified address. Click SAVE to create the binding, then add another binding or click APPLY to apply the specified static bindings to the segment.
    2. Click DHCP Options to specify DHCP Classless Static Routes (Option 121) and Generic Options.
      • Each classless static route option in DHCP for IPv4 can have multiple routes with the same destination. Each route includes a destination subnet, subnet mask, and next hop router. See RFC 3442 for information about classless static routes in DHCPv4. You can add a maximum of 127 classless static routes on a DHCPv4 server.
      • To add Generic Options, select the option code and enter a value for the option. Binary values must be in base-64 encoded format.
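
The RFC 3442 wire encoding behind a classless static route option, as an added example (not VMware code): each route is a prefix-length byte, the significant octets of the destination, then the next-hop router. The function names and sample routes are constructed for illustration; the decoder is useful for checking the option 121 bytes a client actually received, and the base64 helper only shows the form a binary Generic Option value takes.

```python
import base64
import ipaddress

MAX_ROUTES = 127  # maximum classless static routes per DHCPv4 server, as stated on this page


def encode_route(destination: str, next_hop: str) -> bytes:
    """One RFC 3442 route: prefix length, significant destination octets, router."""
    net = ipaddress.IPv4Network(destination)         # rejects CIDRs with host bits set
    router = ipaddress.IPv4Address(next_hop)
    significant = (net.prefixlen + 7) // 8           # 0 octets for /0, 4 for /25../32
    return bytes([net.prefixlen]) + net.network_address.packed[:significant] + router.packed


def encode_option_121(routes) -> bytes:
    """Concatenate (destination, next_hop) pairs into the option 121 payload."""
    if not routes or len(routes) > MAX_ROUTES:
        raise ValueError(f"expected 1..{MAX_ROUTES} routes, got {len(routes)}")
    return b"".join(encode_route(dest, hop) for dest, hop in routes)


def decode_option_121(payload: bytes):
    """Parse an option 121 payload back into (destination, next_hop) pairs."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError(f"invalid prefix length {width} at offset {i}")
        n = (width + 7) // 8
        chunk = payload[i + 1:i + 1 + n + 4]
        if len(chunk) != n + 4:
            raise ValueError(f"truncated route at offset {i}")
        dest = ipaddress.IPv4Network((chunk[:n] + bytes(4 - n), width))
        routes.append((str(dest), str(ipaddress.IPv4Address(chunk[n:]))))
        i += 1 + n + 4
    return routes


def to_base64_value(payload: bytes) -> str:
    """Base-64 text form required for binary Generic Option values."""
    return base64.b64encode(payload).decode("ascii")


# Constructed sample routes (not taken from any real SDDC).
SAMPLE_ROUTES = [("10.17.0.0/16", "192.168.1.1"), ("0.0.0.0/0", "192.168.1.254")]

if __name__ == "__main__":
    raw = encode_option_121(SAMPLE_ROUTES)
    print(raw.hex(), to_base64_value(raw), decode_option_121(raw))
```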

What to do next

After a segment has been created and has a status of Success, you can click VIEW STATISTICS to view statistics for network traffic to and from the segment. You can click VIEW RELATED GROUPS to see a list of groups that include this segment. For more information about groups in NSX-T, see Add a Group in the NSX-T Data Center Administration Guide.
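
A pre-flight check for the Subnets requirement in step 3 (Tables 1 and 3), as an added example that is not VMware code: it reports every in-use range a proposed segment CIDR overlaps and flags blocks that reach outside private space. The inventory values are constructed placeholders, and treating RFC 1918 as the boundary of "public IP space" is an assumption of this example.

```python
import ipaddress

# Assumption: anything outside RFC 1918 is treated as possibly public.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory; replace with your SDDC's actual ranges.
IN_USE = {
    "management network": "10.2.0.0/16",
    "reserved block (placeholder)": "10.250.0.0/24",
    "connected VPC subnet": "172.31.0.0/20",
}


def check_segment_cidr(candidate: str, in_use=IN_USE):
    """Return a list of problems with the proposed CIDR; empty means it passed."""
    try:
        # strict=False also accepts a gateway-style value such as 192.168.10.1/24
        net = ipaddress.IPv4Network(candidate, strict=False)
    except ValueError as exc:
        return [f"not a valid IPv4 CIDR block: {exc}"]

    problems = []
    for label, cidr in in_use.items():
        if net.overlaps(ipaddress.IPv4Network(cidr)):
            problems.append(f"overlaps {label} ({cidr})")

    if not any(net.subnet_of(private) for private in RFC1918):
        problems.append("extends outside RFC 1918 space; "
                        "confirm the block is allocated to you")
    return problems


if __name__ == "__main__":
    for cidr in ("192.168.10.0/24", "10.2.4.0/24", "172.31.8.1/24", "203.0.113.0/24"):
        print(cidr, check_segment_cidr(cidr) or "ok")
```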