Monday, 21 January 2013

vCloud Director (5.1.1) Networking - PART 1

This part covers the basics of vCD networking.

vCD networking is used to provide network services to vCD elements which are:

1. Organizations
2. vApps 
3. vCD VMs

Those network services include:

1. Internet Connection 
2. Firewall Services 
3. NAT Services 
4. Load Balancer Services 
5. VPN Services

The elements which provide vCD network services are:

1. vShield Edge (vSE) - VMware's firewall component, which has been upgraded so that it is present in the vCD environment in addition to the vCenter environment.
2. vApp Networks - Each vApp network represents a single wire that VMs connect to. vNICs can have IP addresses assigned manually or obtained from the vApp network IP pool.
3. Org vDC Networks - These represent the next hop that vApp networks connect to. A vApp network can connect to an Org vDC network directly or through a vSE. A single Org vDC network can have one or more vApp networks connected to it.
4. External Networks - This is the entry/exit point to/from your cloud, which connects Orgs to the external physical network. It's always preferred to have one dedicated External Network per Org instead of sharing one across Orgs. Org vDC networks, too, can be connected to external networks directly or through a vSE.

Those elements can be used in different cloud deployments; below are some examples.

How vCD Network Elements Reflect in vCenter Infrastructure?

An External Network is always backed by a Portgroup, meaning that a portgroup needs to exist within vSphere before you can create this vCD network object. This portgroup can be on a regular vSwitch, a dvSwitch or you could use Nexus 1KV.

Note: An external network can be a port group shared with non-vCD VMs.

An Org vDC (OvDC) network may or may not be backed by a portgroup, depending on the type of OvDC network selected during creation. If the OvDC network is connected directly to the external network without a vSE, no portgroup is required or created, because the connection is only a logical link. Physically, the vApp networks are connected directly to the external network's portgroup.

However, if the OvDC network is connected to the external network through a vSE, a portgroup is created. This portgroup includes one vNIC from the vSE. Different types of portgroups are created for OvDC networks, based on the type of OvDC network resource pool. We will cover this later.

Like an OvDC network, a vApp network may or may not be backed by a portgroup. If the vApp network is connected directly to the OvDC network, no portgroup is created, because the connection is only a logical link. Physically, the VMs' vNICs are connected directly to the OvDC network's portgroup.

However, if the vApp network is connected to the OvDC network through a vSE, a portgroup is created, and it contains one vNIC from the vSE as well as the VMs' vNICs.
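The backing rules above can be chained to find which portgroup a vApp's VM vNICs physically sit on and how many vSE instances lie between them and the external network. This is an added example, not part of the original post: the topology, network names and function names are constructed for illustration, and it assumes the vApp and OvDC rules combine as described (a direct vApp network on a direct OvDC network lands on the external network's portgroup).

```python
# Constructed sample topology (not taken from a real vCD instance).
# "link" is how a network attaches to its parent: "direct" (logical link,
# no portgroup of its own) or "routed" (through a vSE, own portgroup).
TOPOLOGY = {
    "ext-net":     {"kind": "external", "parent": None,          "link": None},
    "ovdc-direct": {"kind": "ovdc",     "parent": "ext-net",     "link": "direct"},
    "ovdc-routed": {"kind": "ovdc",     "parent": "ext-net",     "link": "routed"},
    "vapp-a":      {"kind": "vapp",     "parent": "ovdc-direct", "link": "direct"},
    "vapp-b":      {"kind": "vapp",     "parent": "ovdc-direct", "link": "routed"},
    "vapp-c":      {"kind": "vapp",     "parent": "ovdc-routed", "link": "direct"},
}

def walk_up(topology, name):
    """Yield (network, link) pairs from `name` up to the external network."""
    seen = set()
    while name is not None:
        if name in seen or name not in topology:
            raise ValueError(f"broken parent chain at {name!r}")
        seen.add(name)
        yield name, topology[name]["link"]
        name = topology[name]["parent"]

def backing_portgroup(topology, name):
    """Network whose portgroup carries the VM vNICs: the first network on
    the way up that is not a purely logical (direct) link."""
    for net, link in walk_up(topology, name):
        if link != "direct":   # routed network, or the external network itself
            return net

def vse_hops(topology, name):
    """Number of vSE instances between the VMs and the external network."""
    return sum(link == "routed" for _, link in walk_up(topology, name))

def audit(topology):
    """Per vApp network: backing portgroup, vSE count, and whether the VMs
    sit on the external portgroup (which may be shared with non-vCD VMs)."""
    report = {}
    for name, net in topology.items():
        if net["kind"] != "vapp":
            continue
        pg = backing_portgroup(topology, name)
        report[name] = {
            "portgroup": pg,
            "vse_hops": vse_hops(topology, name),
            "on_external_portgroup": topology[pg]["kind"] == "external",
        }
    return report

if __name__ == "__main__":
    for vapp, row in audit(TOPOLOGY).items():
        print(vapp, row)
```

A vApp network reported with `vse_hops` of 0 has no vSE firewall or NAT between its VMs and the external network, which is worth reviewing when the external portgroup is shared.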

Important note: For OvDC networks and vApp networks, only vDS is supported for their portgroups. In case PvDC is using N1KV or vSS, OvDC networks and vApp networks can't be created.


  1. In case PvDC is using N1KV or vSS, OvDC networks and vApp networks can't be created - is this still the case?

    I am using the 1000v and it works for me.

  2. This is right if you want to deploy Routed OvDC network using Port-Group Backed network pool. In this case, you can create N1KV or Standard Port-Groups in vCenter and use them in vCD.

    However, for Routed OvDC Networks using network pool types vCDNI or VLAN-Backed, N1KV and Standard Port-Groups aren't supported.

    Also, it's not supported for Direct OvDC Networks.