VMware vCloud Air Networking Guide
Network Address Translation (NAT)
Gateways in vCloud Air support NAT for the virtual machines connected to gateway networks. Create a
NAT rule to translate a public IPv4 address to and from the private IPv4 address of a virtual machine on
your internal network in vCloud Air.
vCloud Air supports source NAT (SNAT) and destination NAT (DNAT) rules. When you configure an
SNAT or a DNAT rule, you always configure the rule from the perspective of vCloud Air. Specifically, that
means you configure the rules in the following ways:
- SNAT: the traffic is traveling from a virtual machine on an internal network in vCloud Air (the source)
  through the Internet to the external network (the destination).
- DNAT: the traffic is traveling from the Internet (the source) to a virtual machine inside vCloud Air (the
  destination).
You can configure NAT rules to create a private IP address space inside vCloud Air to port your private IP
address space from your enterprise into the cloud. Configuring NAT rules in vCloud Air allows you to use
the same private IP addresses for your virtual machines in vCloud Air that were used on premises in your
local data center.
NAT rules in vCloud Air include the following support:
- Creating subnets within the private IP address space
- Creating multiple private IP address spaces for a gateway
- Configuring multiple NAT rules on multiple gateway interfaces
IMPORTANT: By default, gateways are deployed with firewall rules configured to deny all network traffic to
and from the virtual machines on the gateway networks. Also, NAT is disabled by default so that gateways
are unable to translate the IP addresses of the incoming and outgoing traffic. You must configure both
firewall and NAT rules on a gateway for the virtual machines on a gateway network to be accessible.
Attempting to ping a virtual machine on a network after configuring a NAT rule fails unless you also add a
firewall rule that allows the corresponding traffic.
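The following added example (not part of the VMware guide and not VMware code) models the defaults described above to show why a NAT rule alone leaves a virtual machine unreachable. The class and function names, the first-match firewall evaluation, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class NatRule:
    kind: str            # "SNAT" or "DNAT", seen from vCloud Air
    original: str        # address or CIDR before translation
    translated: str      # address after translation
    enabled: bool = True

@dataclass(frozen=True)
class FirewallRule:
    source: str          # address, CIDR or "any"
    destination: str     # address, CIDR or "any"
    action: str          # "allow" or "deny"
    enabled: bool = True

def covers(spec, addr):
    """True if spec ("any", an address or a CIDR) contains addr."""
    return spec == "any" or ip_network(addr).subnet_of(ip_network(spec, strict=False))

def firewall_allows(rules, sources, destinations):
    """Assumption: the first matching enabled rule decides. No match means
    deny, which is the gateway default the guide describes."""
    for r in rules:
        if (r.enabled and any(covers(r.source, s) for s in sources)
                and any(covers(r.destination, d) for d in destinations)):
            return r.action == "allow"
    return False

def vm_status(vm_ip, direction, nat_rules, fw_rules, peer):
    """Can vm_ip exchange traffic with the Internet host `peer`?
    direction is "inbound" (needs DNAT) or "outbound" (needs SNAT)."""
    kind = "DNAT" if direction == "inbound" else "SNAT"
    for nat in nat_rules:
        inside = nat.translated if kind == "DNAT" else nat.original
        if nat.enabled and nat.kind == kind and covers(inside, vm_ip):
            break
    else:
        return f"blocked: no enabled {kind} rule"   # NAT is off by default
    # Assumption: a firewall rule naming either the private or the public
    # address counts, because the guide does not say which one is matched.
    if kind == "DNAT":
        ok = firewall_allows(fw_rules, [peer], [nat.original, vm_ip])
    else:
        ok = firewall_allows(fw_rules, [vm_ip, nat.translated], [peer])
    return "reachable" if ok else "blocked: no firewall rule allows this traffic"

# Constructed sample values (documentation address ranges), not from the guide.
VM, PUBLIC, PEER = "192.168.109.2", "203.0.113.10", "198.51.100.7"
DNAT = NatRule("DNAT", PUBLIC, VM)
print(vm_status(VM, "inbound", [DNAT], [], PEER))   # DNAT alone is not enough
print(vm_status(VM, "inbound", [DNAT], [FirewallRule(PEER, PUBLIC, "allow")], PEER))
```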
Related Information
- See “Add a NAT Rule,” on page 24 in this guide for the steps to create a SNAT or DNAT rule.
- See “Add a Firewall Rule,” on page 29 in this guide for the steps to create a firewall rule.
DHCP
To change the default behavior for DHCP in vCloud Air networks, you edit the DHCP service settings in
vCloud Director.
When you create a network in vCloud Air, DHCP is configured for vCloud Air in the following ways.
Gateway Network
DHCP is configured for gateway networks in the following ways:
- Disabled by default.
- When you create a virtual machine and add it to a gateway network, you must explicitly set its IP
  address unless you have enabled DHCP for that network.
Configure DHCP for a gateway network by navigating from vCloud Air to the networking services for the
gateway in vCloud Director: