One of the most complex concept of VMware vCloud Director is understanding the Networking and at times it can be very confusing.
In this post I will try to shed some light on the concepts of networking within vCD. Chris Wahl has explained vCD networking in his video series “vCloud Director Essentials” in a very beautiful way but still I was not 100% confident about concepts.
In this post I will try to explain the concepts which I learned from Chris video series as well as other sources. Feel free to do more research if any info provided here is not clear to you as I said earlier vCD networking is bit difficult to understand in very first attempt.
So Lets begin.
There are 3 types of Networking available within vCD:
- External Network
- Org Network
- vApp Network
These three layers have been created to give the end-user the flexibility needed in a multi purpose virtual datacenter. See the below diagram which shows the logical relationship between the layers:
External Network
The External Network is used for inter-Cloud connections. Its “your connection to the outside world” and by outside world I didn’t meant internet access. It’s anything that is taking your traffic out of your cloud. It may be connected to internet but not necessarily.
An External Network is always backed by a Portgroup, meaning that a portgroup needs to exist within vSphere before you can create this vCD network object. This portgroup can be on a regular vSwitch, a dvSwitch or you could use Nexus 1KV.
Examples of External Networks are:
- VPN to customer site
- Internet connection
Org Network
The Org Network is used for intra-Cloud connections. It is used for “Cloud internal traffic”. There are 3 deployment use cases for an Org Network that is linked to an organization:
- Directly connected to an External Network
- NAT/Routed connected to an External Network
- Completely Isolated
So an Org Network is primarily intended for internal traffic, it can be linked to an External Network to create an entry to or exit from your virtual datacenter.
Note: An Org Network doesn’t necessarily need to be connected to an External Network, it could be completed isolated and used for “Cloud internal traffic” only! A very simple use case for this would be for instance a test/dev environment where vApps will need to communicate with each other but not with any other component of the infrastructure.
vApp Network
The vApp Network is very similar in nature to the Org Network. The vApp Network enables you to have a vApp internal network, this could be useful for isolating specific VMs of a vApp. The vApp Network can be:
- Directly connected to an Org Network
- NAT/Routed to an Org Network
- Completely Isolated
It should be noted that the “directly connected” option for both the Org Network and the vApp Network is just a logical connection. In the back-end it will be directly connected to the layer above. A vApp can contain multiple networks. This can be used to isolate specific VMs from the outside world.
The following diagram taken from Duncan Epping’s Blog explains the above concept where only the Web Server has a connection to the Org Network and the App and Database servers are isolated but do connect to the Web server.
Network Pools
vCD mainly revolves around pooling of resources. This holds true for networking also and more specifically for the Org Network and the vApp Network. We have to define a Network Pool before using vApp/Org network and each vApp and Org Network will consume a network (segment) out of that defined pool. This network pool typically isolates network “segments” on layer 2 from the other networks in the pool. There are currently 3 types of network pools:
- vSphere Port Group Backed
- VXLAN Backed
- VLAN Backed
- vCloud Network Isolation Backed (vCDNI)
For greater understanding of the above 4 networking components I would recommend reading this Excellent Article by Sir Duncan Epping.
One thought on “Understanding vCloud Networking”