Create logical networks to provide network access to workload VMs.

About this task

VMware Cloud on AWS supports two types of logical networks, routed and extended.

Routed networks are the default type. These networks use the SDDC compute gateway as the default gateway. Routed networks have connectivity to other logical networks in the same SDDC and to external network services such as the SDDC firewall and NAT.

Extended networks are configured with a tunnel ID, which is used to identify networks on each side of the L2VPN tunnel. When the tunnel ID matches on the cloud SDDC and the on-premises side of the tunnel, the two networks become part of the same broadcast domain. Extended networks use an on-premises gateway as the default gateway. Other network services such as DHCP and DNS are also provided on-premises.

You can change a logical network from routed to extended or from extended to routed. For example, you might configure a logical network as extended to allow migration of VMs from you on-premises data cetner to you cloud SDDC. When the migration is complete, you might then change the network to routed to allow the VMs to use VMware Cloud on AWS networking services.

Your SDDC starts with a single default logical network, sddc-cgw-network-1. You can use the HTML5 vSphere Client to create additional logical networks.

Procedure

  1. Log in to the vSphere Client for your SDDC.

    You cannot create logical networks using the vSphere Web Client.

  2. Select Menu > Global Inventory Lists.
  3. Select Logical Networks.
  4. Click Add.
  5. In the Name text field, enter a name for the logical network.
  6. Select whether to create a routed network or an extended network.

    Option

    Description

    Routed Network

    A routed network is used for communication over an IPsec VPN or the internet. Set the following options:

    1. In the CIDR Block text field, enter a CIDR block in xxx.xxx.xxx.0/YY format.

      Prefix length should be between 22 and 30, because your logical network must have no more than 1000 ports.

    2. (Optional) Select Enabled to enable DHCP.

      If you enable DHCP on a logical network and you have configured an on-premises DNS server, you must edit your compute gateway VPN to enable DNS queries to be correctly forwarded over the VPN. Select cgw-dns-network as one of the local networks for the VPN.

    3. If you enabled DHCP, enter the domain name to use with VMs attached to this logical network in the DNS Domain Name text box.

    Extended Network

    An extended network is used for communication over a Layer 2 VPN stretched network.

    Enter the Tunnel ID for the extended network. The tunnel ID must be the same on both the on-premises and cloud ends of the Layer 2 VPN.

  7. Click OK.

What to do next

After you have created the logical network, you can attach VMs to it. See Attach a VM to or Detach a VM from a Logical Network.

Optionally, you can use this logical network as part of a VPN connection to your on-premises data center or to an Amazon VPC.