Network segments are logical networks for use by workload VMs in the SDDC compute network.

VMware Cloud on AWS supports three types of logical network segments: routed, extended and disconnected.
  • A routed network segment (the default type) has connectivity to other logical networks in the SDDC and, through the SDDC firewall, to external networks.
  • An extended network segment extends an existing L2VPN tunnel, providing a single IP address space that spans the SDDC and an on-premises network.
  • A disconnected network segment has no uplink, and provides an isolated network accessible only to VMs connected to it. Disconnected segments are created when needed by HCX (see Getting started with VMware HCX). You can also create them yourself, and can convert them to other segment types.

See Configuration Maximums for VMware Cloud on AWS for limits on segments per SDDC and network connections per segment.

A Single Host Starter SDDC is created with a single routed network segment named sddc-cgw-network-1. This network uses CIDR block 192.168.1.0/24, unless that conflicts with the CIDR block you chose for the SDDC management network. Multi-host SDDCs are created without a default network segment, so you must create at least one before you can attach workload VMs.

Procedure

  1. Log in to the VMC Console at https://vmc.vmware.com.
  2. Click Networking & Security > Segments.
    To modify the configuration of an existing segment, click the ellipsis button and select Edit. To create a new segment, click ADD SEGMENT and give the new segment a Name.
  3. Specify a segment Type and fill in the required configuration parameters.
    Parameter requirements depend on the segment type.
    Table 1. Routed Segment Configuration Parameters
      VPN Tunnel ID: N/A for Routed or Disconnected segment types.
      Gateway IP/Prefix Length: Specify a CIDR block for the segment. The block must not overlap your management network or any of the subnets in your connected Amazon VPC.
      DHCP: Disabled by default. Select Enabled to enable native NSX DHCP services for VMs on this segment, then specify a DHCP IP address range and a DNS suffix. VMs connecting to the segment get their IP addresses from the specified DHCP range, and their FQDNs use the specified DNS suffix.
      Note: If you enable native NSX DHCP services on a compute network segment, you cannot enable DHCP relay for the Compute Gateway. See #GUID-F6D433BE-753E-4B44-82FF-236CEBA17F8B.
      DHCP IP Range: If DHCP is Enabled, specify a DHCP IP address range for VMs attached to the segment. The range must lie within the segment's CIDR block.
      Domain Name: If DHCP is Enabled, specify the DNS suffix (domain name) assigned to VMs attached to the segment.
    Table 2. Extended Segment Configuration Parameters
      VPN Tunnel ID: Specify the tunnel ID of an existing L2VPN tunnel. If you have not already created an L2VPN, see #GUID-5F126D0A-8CB1-4066-92ED-4F7396C312B8.
      Gateway IP/Prefix Length: N/A for Extended segments (addressing comes from the on-premises network the tunnel extends).
      DHCP: N/A for Extended segments.
      DHCP IP Range: N/A for Extended segments.
      Domain Name: N/A for Extended segments.
    Table 3. Disconnected Segment Configuration Parameters
      VPN Tunnel ID: N/A for Routed or Disconnected segment types.
      Gateway IP/Prefix Length: Specify a CIDR block for the segment. The block must not overlap your management network or any of the subnets in your connected Amazon VPC.
      DHCP: N/A for Disconnected segments.
      DHCP IP Range: N/A for Disconnected segments.
      Domain Name: N/A for Disconnected segments.
  4. Click SAVE to create or update the segment.
    The system creates the requested segment. This operation can take up to 15 seconds to complete. When the segment Status transitions to Up, the segment is ready for use. If the segment Status is Down, click the information icon for details about the cause of the problem.
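The same segment definition can be driven through the SDDC's NSX Policy API instead of the console, and the overlap rule from step 3 is worth enforcing before the request is sent, because a segment whose block collides with the management network or a connected VPC subnet will be rejected or, worse, black-hole traffic. The following is an added example, not VMware's own code or documentation. The API path (/policy/api/v1/infra/tier-1s/cgw/segments/{id}), the body field names (display_name, type, connectivity_path, subnets.gateway_address, subnets.dhcp_ranges) and the sample management and VPC CIDRs are assumptions drawn from the NSX Policy Segment schema and should be checked against the VMware Cloud on AWS API reference before use. It covers routed and disconnected segments; extended segments take an L2VPN tunnel ID rather than a CIDR and are out of scope here.

```python
"""Pre-flight checks and request body for a Compute Gateway segment (added example)."""
import ipaddress
import json

# Constructed sample values for the check; not taken from any real SDDC.
MANAGEMENT_CIDR = "10.2.0.0/16"                       # chosen when the SDDC was deployed
CONNECTED_VPC_SUBNETS = ["172.31.0.0/20", "172.31.16.0/20"]
RESERVED = [MANAGEMENT_CIDR, *CONNECTED_VPC_SUBNETS]

# Assumed NSX Policy API path for segments on the Compute Gateway (tier-1 "cgw").
SEGMENT_PATH = "/policy/api/v1/infra/tier-1s/cgw/segments/{segment_id}"


def find_overlaps(gateway_cidr, reserved_cidrs):
    """Return every reserved block that overlaps the network containing gateway_cidr.

    gateway_cidr is in the console's "Gateway IP/Prefix Length" form, e.g. 192.168.2.1/24.
    """
    network = ipaddress.ip_interface(gateway_cidr).network
    return [c for c in reserved_cidrs
            if network.overlaps(ipaddress.ip_network(c, strict=False))]


def validate_dhcp_range(gateway_cidr, dhcp_range):
    """Check a "start-end" DHCP range lies inside the segment and excludes the gateway.

    Returns the normalised "start-end" string on success, raises ValueError otherwise.
    """
    iface = ipaddress.ip_interface(gateway_cidr)
    try:
        start, end = (ipaddress.ip_address(p.strip()) for p in dhcp_range.split("-"))
    except ValueError as exc:
        raise ValueError(f"malformed DHCP range {dhcp_range!r}") from exc
    if start > end:
        raise ValueError(f"DHCP range {dhcp_range} starts after it ends")
    if start not in iface.network or end not in iface.network:
        raise ValueError(f"DHCP range {dhcp_range} is not inside {iface.network}")
    if start <= iface.ip <= end:
        raise ValueError(f"DHCP range {dhcp_range} includes the gateway {iface.ip}")
    return f"{start}-{end}"


def build_segment(segment_id, segment_type, gateway_cidr, dhcp_range=None,
                  reserved_cidrs=RESERVED):
    """Return (api_path, body) for a ROUTED or DISCONNECTED segment.

    Field names are assumed from the NSX Policy Segment schema (see lead-in).
    """
    if segment_type not in ("ROUTED", "DISCONNECTED"):
        raise ValueError("this helper handles ROUTED and DISCONNECTED segments only")
    overlaps = find_overlaps(gateway_cidr, reserved_cidrs)
    if overlaps:
        raise ValueError(f"{gateway_cidr} overlaps reserved block(s) {overlaps}")
    subnet = {"gateway_address": str(ipaddress.ip_interface(gateway_cidr))}
    if dhcp_range is not None:
        if segment_type != "ROUTED":
            raise ValueError("DHCP is N/A for disconnected segments")   # per Table 3
        subnet["dhcp_ranges"] = [validate_dhcp_range(gateway_cidr, dhcp_range)]
    body = {"display_name": segment_id, "type": segment_type, "subnets": [subnet]}
    if segment_type == "ROUTED":
        body["connectivity_path"] = "/infra/tier-1s/cgw"   # assumed Compute Gateway path
    return SEGMENT_PATH.format(segment_id=segment_id), body


if __name__ == "__main__":
    path, body = build_segment("app-tier", "ROUTED", "192.168.2.1/24",
                               dhcp_range="192.168.2.10-192.168.2.200")
    print("PUT", path)
    print(json.dumps(body, indent=2))
    # A block that lands on the connected VPC's CIDR is rejected before any API call.
    try:
        build_segment("bad", "ROUTED", "172.31.5.1/24")
    except ValueError as exc:
        print("rejected:", exc)
```

Run it stand-alone to see the request body for a valid routed segment and the rejection of one that overlaps a connected VPC subnet; to use it for real, send the body with PUT to the SDDC's NSX reverse-proxy URL with a valid API token, and supply your actual management CIDR and VPC subnets in place of the constructed ones.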