VCP-IaaS Study Notes: Section 4.2

This is Section 4.2 in the VCP-IaaS blueprint Guide 1.2. The rest of the (completed) sections can be found here.

Describe the concept of a Network Pool

  • A Network Pool is a set of pre-allocated networks that vCloud Director can draw upon as needed to create private networks and NAT-routed networks.
  • A network pool is a group of undifferentiated networks that is available for use within an organization vDC. A network pool is backed by vSphere network resources such as VLAN IDs, port groups, or Cloud isolated networks. vCloud Director uses network pools to create NAT-routed and internal organization networks and all vApp networks. Network traffic on each network in a pool is isolated at layer 2 from all other networks. Each organization vDC in vCloud Director can have one network pool. Multiple organization vDCs can share the same network pool. The network pool for an organization vDC provides the networks created to satisfy the network quota for an organization vDC. Only system administrators can create and manage network pools.
  • vCloud Director creates a private network as needed from a pool of networks to facilitate VM-to-VM communication and NAT-routed networks. vCloud Director supports one of three methods to back network pools:
    • vSphere port group. vCloud Director uses one of many existing, preconfigured vSphere networks. The networks themselves can have VLAN tagging for additional security.
    • VLAN. vCloud Director automatically uses VLAN tagging from a range provided to segment networks to create internal networks (organization and vApp networks) as needed. This assumes that vCloud Director and all the managed hosts have access to the VLANs on the physical network.
    • vCloud Director Network Isolation. vCloud Director automatically creates internal networks using MAC-in-MAC encapsulation.

Create/Delete a Network Pool

  • vSphere port group:
    • You can add a network pool that is backed by port groups to register vSphere port groups for vCloud Director to use. Unlike other types of network pools, a network pool that is backed by port groups does not require a vSphere distributed switch.
    • CAUTION The port groups must be isolated from all other port groups at the layer 2 level. The port groups must be physically isolated or must be isolated by using VLAN tags. Failure to properly isolate the port groups can cause a disruption on the network.
    • Prereq: The port groups must be available on each ESX/ESXi host in the cluster, and each port group must use only a single VLAN.
      • Click the Manage & Monitor tab and click Network Pools in the left pane.
      • Click Add Network Pool.
      • Select vSphere Port Group-backed and click Next.
      • Select a vCenter Server and click Next.
      • Select one or more port groups, click Add, and click Next.
        • You can create one network for each port group.
      • Type a name and optional description for the network pool and click Next.
      • Review the network pool settings and click Finish.
  • VLAN backed:
    • You can add a VLAN-backed network pool to register vSphere VLAN IDs for vCloud Director to use. A VLAN-backed network pool provides the best security, scalability, and performance for organization networks.
    • Prereq: Verify that a range of VLAN IDs and a vSphere distributed switch are available in vSphere. The VLAN IDs must be valid IDs that are configured on the physical switch to which the ESX/ESXi servers are connected; a VLAN that exists only in the pool definition but not on the switch yields a network with no connectivity across hosts.
      • Click the Manage & Monitor tab and click Network Pools in the left pane.
      • Click Add Network Pool.
      • Select VLAN-backed and click Next.
      • Type a range of VLAN IDs and click Add.
        • You can create one network for each VLAN ID.
      • Select a vCenter Server and vSphere distributed switch and click Next.
      • Type a name and optional description for the network pool and click Next.
      • Review the network pool settings and click Finish.
  • vCloud Director Network Isolation:
    • You can create a network pool that is backed by cloud isolated networks. A cloud isolated network spans hosts, provides traffic isolation from other networks, and is the best source for vApp networks. An isolation-backed network pool does not require preexisting port groups in vSphere.
    • Prereq: Verify that a vSphere distributed switch is available. Because the isolated networks are MAC-in-MAC encapsulated, the vDS and the physical switch ports behind its uplinks must allow the extra 24 bytes of header (an MTU of at least 1524), otherwise encapsulated frames are dropped.
      • Click the Manage & Monitor tab and click Network Pools in the left pane.
      • Click Add Network Pool.
      • Select VCD Network Isolation-backed and click Next.
      • Type the number of networks to create from the network pool.
      • (Optional) Type a VLAN ID.
      • Select a vCenter Server and a vSphere distributed switch and click Next.
      • Type a name and optional description for the network pool and click Next.
      • Review the network pool settings and click Finish.
  • Deletion of a network pool works the same for all three types:
    • Prerequisites: Verify that the following conditions exist:
      • No organization vDC is associated with the network pool.
      • No vApps use the network pool.
      • No NAT-routed or internal organization networks use the network pool.
    • Procedure
      • Click the Manage & Monitor tab and click Network Pools in the left pane.
      • Right-click the network pool name and select Delete.
      • Click Yes.

Expand a Network Pool

  • Add a Port Group to a Network Pool
    • You can add port groups to a network pool that is backed by port groups.
    • Prerequisites
      • Verify that you have a network pool that is backed by a port group
      • Verify that you have an available port group in vSphere
    • Procedure
      • Click the Manage & Monitor tab and click Network Pools in the left pane.
      • Right-click the network pool name and select Properties.
      • On the Network Pool Settings tab, select a port group, click Add, and click OK.
  • Add Cloud Isolated Networks to a Network Pool
    • You can add Cloud isolated networks to a VCD network isolation-backed network pool.
    • Prerequisites
      • A VCD network isolation-backed network pool
    • Procedure
      • Click the Manage & Monitor tab and click Network Pools in the left pane.
      • Right-click the network pool name and select Properties.
      • On the Network Pool Settings tab, type the number of VCD isolated networks and click OK.
  • Add VLAN IDs to a Network Pool
    • You can add VLAN IDs to a network pool that is backed by a VLAN.
    • Prerequisites: Verify that your system includes the following items:
      • A network pool that is backed by a VLAN
      • Available VLAN IDs in vSphere
    • Procedure
      • Click the Manage & Monitor tab and click Network Pools in the left pane.
      • Right-click the network pool name and select Properties.
      • On the Network Pool Settings tab, type a VLAN ID range and click Add.
      • Select a vSphere distributed switch and click OK.

Determine appropriate backing for a given Network Pool

  • When To Use VLAN-Backed Network Pools
    • Networks created from VLAN-backed Network Pools are slightly faster than those created from VMware vCloud Director Network Isolation–backed Network Pools, but they consume one VLAN per network (organization or vApp network) created from the pool. For that reason, there may be concerns regarding the use of VLAN-backed Network Pools in an environment where the provider is trying to maximize the number of hosts, organizations, and vApps in the vCenter cluster. Where the number of organization and vApp networks is not expected to be large, VLAN-backed Network Pools may be a perfectly appropriate choice. VLANs are also consumed by the underlying computing and networking fabric (management, vMotion, storage), so it is important to account for the total number of VLANs actually available per cluster, not just the 4094 the 802.1Q ID space allows.
  • When To Use VMware vCloud Director Network Isolation–Backed Network Pools
    • While networks created from VMware vCloud Director Network Isolation–backed Network Pools are slightly slower than those created from VLAN-backed Network Pools, they do not require the use of any VLANs. This is an advantage when there are many Organizations, hosts, and vApps assigned to a vCenter cluster and the available number of VLANs is of concern. These types of Network Pools are also useful when it is not feasible to assign large numbers of VLANs (or a trunk port) to the hosts in the cluster. This type of Network Pool is easier to manage, as you don’t need to keep track of large numbers of VLANs and their usage across computing and networking infrastructure. It is thus also easier to lock down the propagation of the optional VLAN to only the hosts that are part of the vNetwork Distributed Switch.
  • When To Use Port Group Backed Network Pools
    • Use port group-backed pools when neither of the other two fits: no free VLAN ranges, a small or static environment where the set of networks is known in advance, or no vSphere distributed switch available (the port group-backed type is the only one that does not require a vDS, which matters when vCenter itself runs as a VM on the cluster and losing that host would take the vDS management plane with it). The trade-off is that layer 2 isolation between the pre-created port groups is the administrator's responsibility, not vCloud Director's.
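As an added example (not from the study notes or from VMware's own tooling), the following Python script turns the prerequisites and the isolation caution above into checks you can run over inventory data before creating or choosing a pool: it parses a VLAN ID range (rejecting IDs outside 1-4094), flags port groups that carry more than one VLAN, flags VLAN IDs that are missing from the physical switch, already consumed by the fabric, or claimed by two pools (which would silently break the layer 2 isolation the pools depend on), and counts the free VLANs left to decide between VLAN-backed and VCDNI-backed pools. All pool names and inventory data are constructed for the example; in practice the port-group and VLAN data would be pulled from vCenter and from the physical switch configuration.

```python
"""Pre-flight checks for a vCloud Director network pool design.

Constructed example: the inventory below is made up. In a real environment the
same data would be pulled from vCenter (port groups and their VLAN IDs) and from
the physical switch configuration (VLANs trunked to the ESXi uplinks).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

MAX_VLAN = 4094  # 802.1Q: IDs 1..4094 are usable, 0 and 4095 are reserved


def parse_vlan_range(spec: str) -> Set[int]:
    """Expand a range string such as '100-109,200' into a set of valid VLAN IDs."""
    ids: Set[int] = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if lo_i < 1 or hi_i > MAX_VLAN or lo_i > hi_i:
            raise ValueError(f"invalid VLAN range {part!r}; IDs must be 1-{MAX_VLAN}")
        ids.update(range(lo_i, hi_i + 1))
    return ids


@dataclass
class PortGroup:
    name: str
    vlans: Set[int]  # VLAN IDs the port group carries; more than one means a trunk


@dataclass
class NetworkPool:
    name: str
    backing: str  # "vlan", "portgroup" or "vcdni"
    vlans: Set[int] = field(default_factory=set)               # VLAN-backed pools
    portgroups: List[PortGroup] = field(default_factory=list)  # port group-backed pools
    vcdni_networks: int = 0                                    # VCDNI-backed pools
    vcdni_vlan: Optional[int] = None                           # optional VCDNI transport VLAN

    def vlans_claimed(self) -> Set[int]:
        """Every VLAN ID this pool depends on, whatever its backing type."""
        claimed = set(self.vlans)
        for pg in self.portgroups:
            claimed |= pg.vlans
        if self.vcdni_vlan is not None:
            claimed.add(self.vcdni_vlan)
        return claimed

    def capacity(self) -> int:
        """Number of isolated networks the pool can hand out."""
        if self.backing == "vlan":
            return len(self.vlans)
        if self.backing == "portgroup":
            return len(self.portgroups)
        return self.vcdni_networks


def check_pools(pools: List[NetworkPool], fabric_vlans: Set[int], switch_vlans: Set[int]) -> List[str]:
    """Return findings that violate the prerequisites; an empty list means the design is clean.

    fabric_vlans: IDs already consumed by management, vMotion, storage and similar traffic.
    switch_vlans: IDs actually configured on the physical switch ports facing the hosts.
    """
    findings: List[str] = []
    owner: Dict[int, str] = {}  # VLAN ID -> first pool that claimed it
    for pool in pools:
        for pg in pool.portgroups:
            if len(pg.vlans) != 1:
                findings.append(f"{pool.name}: port group {pg.name} must use exactly one VLAN, has {sorted(pg.vlans)}")
        for vlan in sorted(pool.vlans_claimed()):
            if vlan in fabric_vlans:
                findings.append(f"{pool.name}: VLAN {vlan} is already used by the compute/storage fabric")
            if vlan not in switch_vlans:
                findings.append(f"{pool.name}: VLAN {vlan} is not configured on the physical switch")
            if owner.get(vlan, pool.name) != pool.name:
                findings.append(f"{pool.name}: VLAN {vlan} is also claimed by pool {owner[vlan]}; layer 2 isolation is broken")
            owner.setdefault(vlan, pool.name)
    return findings


def free_vlans(pools: List[NetworkPool], fabric_vlans: Set[int], switch_vlans: Set[int]) -> Set[int]:
    """VLAN IDs trunked to the hosts that neither the fabric nor any pool has claimed."""
    used = set(fabric_vlans)
    for pool in pools:
        used |= pool.vlans_claimed()
    return switch_vlans - used


def recommend_backing(networks_needed: int, free_vlan_count: int, have_vds: bool) -> str:
    """Decision rule from the notes: no vDS -> port groups; enough VLANs -> VLAN; otherwise VCDNI."""
    if not have_vds:
        return "portgroup"
    return "vlan" if networks_needed <= free_vlan_count else "vcdni"


# Constructed inventory (made up for this example).
FABRIC_VLANS = {10, 20, 30}  # management, vMotion, NFS
SWITCH_VLANS = FABRIC_VLANS | (set(range(100, 110)) - {108}) | {200, 201, 202, 300} | set(range(400, 410))
POOLS = [
    NetworkPool("org-vlan-pool", "vlan", vlans=parse_vlan_range("100-109")),
    NetworkPool("legacy-pg-pool", "portgroup", portgroups=[
        PortGroup("pg-200", {200}),
        PortGroup("pg-trunk", {201, 202}),  # trunk: violates the single-VLAN prerequisite
        PortGroup("pg-105", {105}),         # reuses VLAN 105 from org-vlan-pool: isolation conflict
    ]),
    NetworkPool("iso-pool", "vcdni", vcdni_networks=50, vcdni_vlan=300),
]

if __name__ == "__main__":
    for finding in check_pools(POOLS, FABRIC_VLANS, SWITCH_VLANS):
        print("FINDING:", finding)
    spare = free_vlans(POOLS, FABRIC_VLANS, SWITCH_VLANS)
    print(f"{len(spare)} free VLAN IDs; for 50 more networks use {recommend_backing(50, len(spare), True)}-backed")
```

Run against the constructed inventory, the script reports three findings (VLAN 108 missing from the switch, the trunk port group, and VLAN 105 claimed by two pools) and ten spare VLAN IDs, so a request for 50 more networks is steered to a VCDNI-backed pool. The two-pools-one-VLAN check is the one worth keeping even if you discard the rest: nothing in the vCloud Director UI stops you from registering the same VLAN ID or port group in two pools, and the result is two tenants' networks sharing a broadcast domain.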

Configure Network Pool properties

  • Modify a Network Pool Name and Description
    • As your vCloud Director installation grows, you might want to assign a more descriptive name or description to an existing network pool.
    • Procedure
      • Click the Manage & Monitor tab and then click Network Pools in the left pane.
      • Right-click the network pool name and select Properties.
      • On the General tab, type a new name or description and click OK.
