You can link one or more compute VPCs or VNets to a Transit VPC or VNet.
Prerequisites
- Verify that you have a Transit VPC or VNet with a PCG.
- Verify that the VPC/VNet you want to link is connected to the Transit VPC or VNet through VPN or peering.
- Verify that the Compute VPC/VNet is in the same region as the Transit VPC/VNet.
Note: In route-based IPSec VPN configuration, you must specify the IP address for the virtual tunnel interface (VTI) port. This IP must be in a different subnet than workload VMs. This prevents workload VM inbound traffic from being directed to the VTI port, from which it will be dropped.
Note: In the public cloud, a default limit exists for the number of inbound/outbound rules per security group and NSX Cloud creates default security groups. This affects how many Compute VPCs/VNets can be linked to a Transit VPC/VNet. Assuming 1 CIDR block per VPC/VNet, NSX Cloud supports 10 Compute VPCs/VNets per Transit VPC/VNet. If you have more than 1 CIDR in any Compute VPC/VNet, the number of supported Compute VPCs/VNets per Transit VPC/VNet reduces. You can adjust the default limits by reaching out to your public cloud provider.
Procedure
- Log in to CSM using an account with the Enterprise Administrator role.
- Click VPCs / VNets tab. and go to the
- In the VPCs or VNets tab, select a region name where you are hosting one or more compute VPCs or VNets.
- Select a compute VPC/VNet configured for NSX Cloud.
- Click LINK TO TRANSIT VPC or LINK TO TRANSIT VNET
- Complete the options in the Link Transit VPC or VNet window:
Option Description Transit VPC or VNet Select a Transit VPC or VNet from the dropdown menu. The Transit VPC or VNet you select must be already linked with this VPC by way of VPN or peering. Note: If connecting to a Transit VNet, you must have a DNS forwarder configured in that VNet and the tag nsx.dnsserver=<IP address of the DNS forwarder> applied to the Transit VNet. See Microsoft Azure documentation for information on setting up the DNS forwarder.Default Quarantine Policy Leave this in the default disabled mode when you first deploy PCG. You can change this value after onboarding VMs. See Manage Quarantine Policy in the NSX-T Data Center Administration Guide for details. Manage with NSX Tools Leave in the default disabled state to onboard workload VMs in the Native Cloud Enforced Mode. If you want to install NSX Tools on your workload VMs to use the NSX Enforced Mode, enable this option. Auto-install NSX Tools This is only available when you choose to manage with NSX Tools and only for Microsoft Azure VNets. If selected, NSX Tools are auto-installed on all workload VMs in the Transit/Self-managed/linked Compute VNet if the tag nsx.network=default is applied to them.
What to do next
Follow instructions at Using NSX Cloud in the NSX-T Data Center Administration Guide.