Appendix A: Provisioning an External Network in vCloud Director

Section 3.2, Basic vCloud Director Tenant Topology and Section 3.3, Multitenant Networking introduced the concept of an external network that connects resources within the tenant Organization VDCs to resources in the Cloud Service Provider’s data center and beyond. It was noted in Table 2. vCloud Director Tenancy and Network Elements in NSX and vSphere, that because these networks bridge the vCloud Director management domain and the physical data center outside of the vSphere environment, they cannot be created or managed from within vCloud Director alone. The following figure shows the sequence of activities needed to connect a new WAN CE router to an interface on a newly provisioned tenant Edge Services Gateway.

This figure shows the vSphere layer of the Tenant networking analysis from Section 4.1, Tenant Networking with the vCloud Director external network highlighted. In this example, a new WAN connection will be created between the vSphere environment behind the Provider VDC on which the tenant Org VDC and its Edge Services Gateway are configured. The new network details are listed in the following table.

Configuration Element	Configuration Detail
Tenant WAN access VLAN ID	1011
VLAN Subnet	172.16.11.0/24
WAN CE Interface Address	172.16.11.254
Edge Services Gateway Interface Address	172.16.11.1

1. Create the new VLAN-backed Distributed Port Group in the PVDC vCenter Server to connect the (already configured within the data center network infrastructure) WAN Access VLAN to the vSphere dvSwitch.

3. After the new dvPortGroup is available in vCenter Server, it can be added as a new External Network within vCloud Director. In the External Networks view in the vCloud Director Manage and Monitor tab, click the green “plus” icon to open the Add Network dialog.

4. In the Add Network dialog, select the vCenter Server to show available vSphere networks, and select the new ACME_1_WAN network with the correct VLAN next to it.

6. Next configure the IP addressing details for the new network. This allows vCloud Director to understand the gateway address on the WAN CE router and the range of addresses on the new network which it can allocate.

In this example, the pool of addresses which vCloud Director can allocate from has been restricted to addresses between 172.16.11.1 (which will be used for the edge interface address in a later step) and 172.16.11.199. Addresses from 172.16.11.200 – 253 could be added to the range, but are held back so that if the customer runs out of addresses, the provider can release the remainder and offer assistance with expansion.

8. External networks are not confined to a single Organization within the Provider VDC in whose vCenter Server they are configured, so the service provider must take care with the next step which presents the new external network to the required Edge Services Gateway. From the Actions menu of the Edge Services Gateway, select Properties.

9. From the Configure External Networks tab of the Edge Services Gateway’s Properties dialog, select the new external network from the list in the top table of candidate networks and click Add to copy the network into the lower table of connected networks.

12. If the new network is to be the Edge Services Gateway’s default route, the external network should be selected in Configure Default Gateway tab. Because the network is selected, the Default Gateway configured in Step 6 should appear in the right-hand column. After the changes are complete, click OK to close the dialog.

13. After the infrastructure configuration is complete, the Edge Services Gateway might need additional changes to add extra static routes, configure peering over the new network, firewall rules or NAT entries. These configuration changes are carried out through the Edge Gateway Services option of the gateway’s Actions menu.