Internal, “private” addresses managed by the service provider or the customer which, if managed sensibly, have sufficient capacity so that all networks can be assigned subnets which allow room for expansion. This is not the case for registered “public” internet addresses which are in short supply. Internet access is presented to an Org VDC as an external network. Depending upon the provider data center topology, there might be one or more network hops between the vCloud Director environment and the local internet access or aggregation device. Because the precise topology is outside the scope of this document, only the final routing device is considered here.

The following figure shows the internet access elements of the data center. The red network shows the shared internet access network connected to a next-hop upstream device. As before, Tenant 4 has an external physical firewall, so while the other Tenants’ Edge Services Gateways have a connection to the internet external network, Tenant 4’s Edge Services Gateway is connected to a separate vCloud Director external network with the “Inside” interface of the physical firewall as the next hop.