Network segments are logical networks for use by workload VMs in the SDDC.

VMware Cloud on AWS supports three types of logical network segments: routed, extended and disconnected.
  • A routed network segment (the default type) has connectivity to other logical networks in the SDDC and, through the SDDC firewall, to external networks.
  • An extended network segment extends an existing L2VPN tunnel, providing a single IP address space that spans the SDDC and an on-premises network.
  • A disconnected network segment has no uplink, and provides an isolated network accessible only to VMs connected to it. Disconnected segments are created when needed by HCX (see Getting started with VMware HCX). You can also create them yourself, and can convert them to other segment types.

A Single Host Starter SDDC is created with a single routed network segment named sddc-cgw-network-1. This network uses CIDR block 192.168.1.0/24, unless that conflicts with the CIDR block you chose for the SDDC management network. In that case, the default network uses CIDR block 172.10.1.0/24.

Multi-host SDDCs are not created with a default network segment, so you must create at least one for your workload VMs. You can use the VMC Console to create additional network segments or delete ones that are no longer in use.

When you create a network segment, ensure that it does not overlap your management network or any of the subnets in your connected Amazon VPC.

Procedure

  1. Log in to the VMC Console at https://vmc.vmware.com.
  2. Select Networking & Security > Segments > Add Segments.
  3. Enter a Name for the segment.
  4. Select a segment Type from the drop-down menu and configure the segment.
    Type           Configuration
    Routed
      1. Specify the CIDR block of the segment in the Gateway/Prefix Length field.
      2. (Optional) Select Enabled to enable DHCP. Specify a DHCP IP Range and a DNS Suffix such as example.com for the segment. VMs connecting to the segment get their IP addresses from the specified DHCP IP range, and their FQDNs use the specified suffix.

        If you enable DHCP on a logical network and you have configured an on-premises DNS server, you must edit your compute gateway VPN so that DNS queries are correctly forwarded over the VPN.

    Extended
      Specify the ID of an existing L2VPN tunnel in the Tunnel ID field.
    Disconnected
      Specify the CIDR block of the segment in the Gateway/Prefix Length field.
    Note: You cannot connect more than 1000 VMs to a network segment of any type.
  5. Click Save.
    The system creates the requested segment. This operation can take up to 15 seconds to complete.
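Before clicking Save, it is worth checking the values you are about to enter against the overlap rule above (management network and connected VPC subnets) and against the DHCP range rule in step 4. The following is an added example, not VMware code: the management CIDR and VPC subnets are constructed sample values, and the Gateway/Prefix Length value is assumed to be in the gateway-address/prefix form the console field takes (for example 192.168.2.1/24).

```python
import ipaddress

# Constructed sample values for illustration; replace them with your SDDC's
# own management CIDR and the subnets of your connected Amazon VPC.
MANAGEMENT_CIDR = "10.2.0.0/16"
VPC_SUBNETS = ["172.31.0.0/20", "172.31.16.0/20"]


def segment_network(gateway_prefix: str) -> ipaddress.IPv4Network:
    """Turn a Gateway/Prefix Length value such as '192.168.2.1/24' into the
    segment's network (192.168.2.0/24); the host bits are masked off."""
    return ipaddress.ip_interface(gateway_prefix).network


def overlapping(gateway_prefix: str, management_cidr: str, vpc_subnets) -> list:
    """Return the CIDRs (management network or VPC subnets) that the proposed
    segment overlaps. An empty list means the segment does not collide."""
    seg = segment_network(gateway_prefix)
    candidates = [management_cidr, *vpc_subnets]
    return [c for c in candidates if seg.overlaps(ipaddress.ip_network(c))]


def dhcp_range_ok(gateway_prefix: str, dhcp_range: str) -> bool:
    """Check that a DHCP IP Range written as 'a.b.c.d-a.b.c.e' lies inside
    the segment and does not include the gateway address itself."""
    iface = ipaddress.ip_interface(gateway_prefix)
    lo, hi = (ipaddress.ip_address(p.strip()) for p in dhcp_range.split("-"))
    if lo > hi:
        return False
    inside = lo in iface.network and hi in iface.network
    return inside and not (lo <= iface.ip <= hi)


def default_segment_cidr(management_cidr: str) -> str:
    """Mirror the Single Host Starter default described above: 192.168.1.0/24
    unless it conflicts with the management network, else 172.10.1.0/24."""
    mgmt = ipaddress.ip_network(management_cidr)
    first = ipaddress.ip_network("192.168.1.0/24")
    return "172.10.1.0/24" if first.overlaps(mgmt) else "192.168.1.0/24"


if __name__ == "__main__":
    proposed = "192.168.2.1/24"
    print("overlaps:", overlapping(proposed, MANAGEMENT_CIDR, VPC_SUBNETS))
    print("dhcp ok:", dhcp_range_ok(proposed, "192.168.2.100-192.168.2.200"))
```
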