Create logical networks to provide network access to workload VMs.

VMware Cloud on AWS supports two types of logical networks, routed and extended.

Routed networks are the default type. These networks use the SDDC compute gateway as the default gateway. Routed networks have connectivity to other logical networks in the same SDDC and to external network services such as the SDDC firewall and NAT. Extended networks require a layer 2 Virtual Private Network (L2VPN), which provides a secure communications tunnel between an on-premises network and one in your cloud SDDC.

Your SDDC starts with a single default logical network, sddc-cgw-network-1. You can use the HTML5 vSphere Client to create additional logical networks.

Procedure

  1. Log in to the vSphere Client for your SDDC.

    You cannot create logical networks using the vSphere Web Client.

  2. Select Menu > Global Inventory Lists.
  3. Select Logical Networks.
  4. Click Add.
  5. In the Name text field, enter a name for the logical network.
  6. Select whether to create a routed network or an extended network.

    Option

    Description

    Routed Network

    A routed network is used for communication over an IPsec VPN or the internet. Set the following options:

    1. In the CIDR Block text field, enter a CIDR block in xxx.xxx.xxx.0/YY format.

      Prefix length should be between 22 and 30, because your logical network must have no more than 1000 ports.

    2. (Optional) Select Enabled to enable DHCP.

      If you enable DHCP on a logical network and you have configured an on-premises DNS server, you must edit your compute gateway VPN to enable DNS queries to be correctly forwarded over the VPN. Select cgw-dns-network as one of the local networks for the VPN.

    3. If you enabled DHCP, enter the domain name to use with VMs attached to this logical network in the DNS Domain Name text box.

    Extended Network

    A VMware Cloud on AWS extended network uses a layer 2 Virtual Private Network (L2VPN) to extend an on-premises network to one in your cloud SDDC. This extended network is a single subnet with a single broadcast domain, so you can migrate VMs to and from your cloud SDDC without having to change their IP addresses. See "Configure an Extended Network and Layer 2 VPN" in VMware Cloud on AWS Networking and Security.

    Important:

    Workload logical networks must not overlap with the management network CIDR block.

  7. Click OK.

What to do next

After you have created the logical network, you can attach VMs to it. See Attach a VM to or Detach a VM from a Logical Network.