While working through several issues opened on GitHub for our vagrant-vcloud project, I figured out that many vCloud Director users are not familiar with the networking options and capabilities built into the provider. This post should shed some light on the networking options available.

We’re going to talk about the three most common deployment topologies:

  • Protected vApp Network with Organization VDC Edge Gateway fronting the Organization VDC Network to the External Network (common scenario for public clouds).
  • Protected vApp Network connected to an External Network (less common scenario for public clouds, common scenario for private cloud).
  • VMs directly connected to an Organization VDC Network / External Network (very common scenario for private cloud).

Protected vApp Network with Organization VDC Edge Gateway

In this scenario the vApp deployed by vagrant-vcloud has a private vApp Network (you can specify your own subnet with ip_subnet, otherwise it defaults to 10.1.1.0/24) that is fronted by a vApp vShield Edge that does all the port forwarding duties for Vagrant (e.g. SSH port forwarding and all the additional forwardings you specify in your Vagrantfile).

The vShield Edge has an uplink to the Organization VDC Network specified with vdc_network_name and automatically consumes an IP from its Pool. vdc_edge_gateway and vdc_edge_gateway_ip configure the Organization VDC Edge Gateway device that connects the Organization VDC Network (vdc_network_name) with the External Network. It is important to specify vdc_edge_gateway_ip because we can’t guess the external IP to be used, and this is critical for Organization VDC Edge Gateways that are directly connected to the Internet.

This Vagrantfile represents the configuration depicted in the diagram above:

Protected vApp Network connected to an External Network

In this scenario the vApp deployed by vagrant-vcloud has a private vApp Network (you can specify your own subnet with ip_subnet, otherwise it defaults to 10.1.1.0/24) that is fronted by a vApp vShield Edge that does all the port forwarding duties for Vagrant (e.g. SSH port forwarding and all the additional forwardings you specify in your Vagrantfile).

The vApp vShield Edge has an uplink to the Organization VDC Network specified with vdc_network_name and automatically consumes an IP from its Pool. The Vagrant User must have access either to the Organization VDC Network or to the External Network that might be bridged to it (Organization VDC Network in Direct Mode) in order to perform a vagrant ssh successfully.

This Vagrantfile represents the configuration depicted in the diagram above:

VMs directly connected to an Organization VDC Network / External Network

In this scenario the vApp deployed by vagrant-vcloud doesn’t have any private vApp Network. By using network_bridge = true we connect every VM in the Vagrantfile directly to the Organization VDC Network specified with vdc_network_name, and every VM deployed will consume an IP from that Organization VDC Network IP Pool.

The Vagrant User must have access to the Organization VDC Network/External Network in order to perform a vagrant ssh successfully.

This Vagrantfile represents the configuration depicted in the diagram above:

Closing Remarks

I hope this will give a better understanding to everyone using vagrant-vcloud and to every vCloud user in general (this applies to vCloud Hybrid Services too!).
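
To tie the three topologies together, here is an added example (not code from the original post or from vagrant-vcloud) that takes a hash of the provider settings named above and reports which topology they describe, which address the Vagrant User must be able to reach, and any settings that contradict each other. The helper name classify_topology, the sample names and addresses, and the consistency checks are assumptions inferred from the descriptions in this post, not the plugin's own validation.

```ruby
require 'ipaddr'

DEFAULT_IP_SUBNET = '10.1.1.0/24' # default stated in the post

# Hypothetical helper, not part of vagrant-vcloud: maps provider settings to
# one of the three topologies above. Checks are inferred from the post's text.
def classify_topology(settings)
  problems = []
  network = settings[:vdc_network_name]
  gateway = settings[:vdc_edge_gateway]
  gateway_ip = settings[:vdc_edge_gateway_ip]
  problems << 'vdc_network_name is used by all three topologies' if network.to_s.empty?

  if settings[:network_bridge] == true
    topology = :direct
    subnet = nil # no private vApp Network in this mode
    reach = "every VM's own IP from the #{network} pool"
    problems << 'ip_subnet is unused without a vApp Network' if settings[:ip_subnet]
    problems << 'edge gateway settings belong to the first topology' if gateway || gateway_ip
  else
    subnet = settings[:ip_subnet] || DEFAULT_IP_SUBNET
    begin
      IPAddr.new(subnet)
    rescue IPAddr::Error
      problems << "ip_subnet #{subnet.inspect} does not parse as a subnet"
    end
    if gateway || gateway_ip
      topology = :edge_gateway
      reach = "external IP #{gateway_ip} on edge gateway #{gateway}"
      problems << 'vdc_edge_gateway_ip is missing; it cannot be guessed' if gateway_ip.to_s.empty?
      problems << 'vdc_edge_gateway is missing' if gateway.to_s.empty?
    else
      topology = :vapp_edge_only
      reach = "the vApp vShield Edge uplink IP on #{network}"
    end
  end
  { topology: topology, vapp_subnet: subnet, user_must_reach: reach, problems: problems }
end

# Constructed sample settings (names and addresses are placeholders).
SAMPLES = [
  { vdc_network_name: 'org-net', vdc_edge_gateway: 'edge-01', vdc_edge_gateway_ip: '203.0.113.10' },
  { vdc_network_name: 'org-net', ip_subnet: '172.16.32.0/24' },
  { vdc_network_name: 'org-net', network_bridge: true },
  { vdc_network_name: 'org-net', vdc_edge_gateway: 'edge-01' } # missing gateway IP
].freeze

SAMPLES.each { |s| p classify_topology(s) } if $PROGRAM_NAME == __FILE__
```

The user_must_reach value is the address to review when deciding who can reach the forwarded SSH port: an Internet-facing edge gateway IP in the first topology, an Organization VDC Network address in the other two.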
