Console
    Contact Us Start free

    Creating your first subnet

    Google Cloud VMware Engine creates a network for each private cloud and uses VLANs for network management. For workload virtual machines (VMs), you create subnets as network segments on NSX Manager for your private cloud. VMware Engine includes NSX for workload networking and security features such as microsegmentation and firewall policies. This page explains how to create subnets for your workloads using NSX Manager.

    Before you begin

    This quickstart assumes that you have done the following:

    1. Created a Google Cloud VMware Engine private cloud. You can create one by completing the following quickstart: Creating your first private cloud .
    2. Allocated address ranges in your network for the following purposes:
      • A DHCP service
      • A subnet for the NSX workload network segment

    Access NSX Manager from the VMware Engine portal

    The process of creating a subnet happens in NSX, which you access through VMware Engine:

    1. In the Google Cloud console, go to the Private cloudspage.

      Go to Private clouds

    2. Click Select a projectand then select the organization, folder, or project where the private cloud is located.

    3. Click the private cloud name where you want to create the subnet.

    4. Under Management appliances, click the URLcorresponding to NSX Manager.

    5. When prompted, enter your sign-in credentials. As a reminder, you can retrieve generated credentials from the private cloud details page.

    If you've set up vIDM and connected it to an identity source, such as Active Directory, use your identity source credentials instead.

    Set up DHCP service for the subnet

    Before you can create a subnet, set up a DHCP service:

    1. In NSX, go to Networking  > DHCP. The networking dashboard shows that the service creates one tier-0 and one tier-1 gateway.

    2. To begin provisioning a DHCP server, click Add DHCP Profile.

    3. In the DHCP namefield, enter a name for the profile.

    4. For Profile type, select DHCP server.

    5. In the Server IP addresscolumn, provide a DHCP service IP address range.

    6. Click Saveto create the DHCP service.

    Next, attach this DHCP service to the relevant tier-1 gateway. A default tier-1 gateway has already been provisioned by the service:

    1. In NSX, go to Networking  > Tier-1 Gateways.
    2. Click the vertical ellipses next to your tier-1 gateway and select Edit.
    3. In the DHCPfield, click the Set DHCP Configurationlink.
    4. Set Typeto DHCP Serverand select the DHCP Server Profilethat you just created.
    5. Click Save.
    6. Click Close Editing.

    You can now create a network segment in NSX. For more information about DHCP in NSX, see the VMware documentation for DHCP .

    Create a network segment in NSX

    For workload VMs, you create subnets as NSX network segments for your private cloud:

    1. In NSX, go to Networking  > Segments.
    2. Click Add Segment.
    3. In the Segment Namefield, enter a name for your segment.
    4. In the Connected Gatewaylist, select Tier1to connect to the tier-1 gateway.
    5. In the Transport zonelist, select TZ-OVERLAY | Overlay.
    6. In the Subnetscolumn, enter the subnet range. Specify the subnet range with .1 as the last octet. For example, 10.12.2.1/24 .
    7. Click Set DHCP Config, and provide values for the DHCP Rangesfield.
    8. Click Applyto save your DHCP configuration.
    9. Click Save. You can now select this network segment in vCenter when creating a VM.

    In a given region, you can advertise at most 250unique routes from VMware Engine to your VPC network using private services access. For example, those unique routes include private cloud management IP address ranges, NSX workload network segments, and HCX internal IP address ranges. This route limit includes all private clouds in the region and corresponds to the Cloud Router learned route limit.

    For information about routing limits, see Cloud Router Quotas and limits .

    Best practices for subnet configuration and route redistribution in NSX

    To ensure optimal network operation and to prevent routing loops and service disruptions, follow these guidelines when configuring subnets and routes redistribution within NSX:

    1. Subnet overlapping: Avoid overlapping subnets - Ensure that IP subnets used in VMware Engine are unique and don't overlap with subnets in your private cloud or external networks. Overlaps can cause routing problems and disrupt services.
    2. Tier-0 route redistribution:
      • Automatic redistribution - VMware Engine redistributes routes for connected Tier-1 segments within the Tier-0 router using BGP for proper connectivity between workloads and the external world.
      • Redistributing static routes - When redistributing static routes on Tier-0, it's crucial to first deny the default route ( 0.0.0.0/0 ) and then allow all traffic using a prefix list to prevent routing loops. To do this, you should create and attach a prefix-list to both of the BGP neighbors on the Tier-0 gateway, as VMware Engine already configures a default route ( 0.0.0.0/0 ) on Tier-0 gateways pointing toward the underlying infrastructure, which you can do by following the steps in the next two sections.

    Create a prefix-list in NSX

    To create a prefix-list in NSX in VMware Engine, do the following:

    1. In NSX, go to Networking  > Tier-0 Gateways.
    2. Click the menu icon (three dots) and click Edit.
    3. Click Routing.
    4. Click Setnext to IP Prefix List.
    5. Click Add IP Prefix List.
    6. Enter a name for the IP prefix list.
    7. Click Setto add IP prefixes.
    8. Click Add Prefix.
      1. In the Networkfield, enter a keyword "any".
      2. Leave all fields as is, and in the Actionfield, select Permitfrom the drop-down menu.
      3. Click Add.
    9. Click Add Prefixagain.
      1. In the Networkfield, enter an IP address in CIDR format, for example 0.0.0.0/0 .
      2. Leave all fields as is, and in the Actionfield, select Deny from the drop-down menu.
      3. Click Add.
    10. Click Apply.
    11. Click Save  > Close.

    Attach the prefix-list to both BGP neighbors

    After creating the prefix-list, the next task is to attach the prefix-list to both the BGP neighbors in NSX by doing the following:

    1. In NSX, go to Networking  > Tier-0 Gateways.
    2. Click the menu icon (three dots) and click Edit.
    3. Click BGP.
    4. Click BGP Neighbors.
    5. Click the menu icon (three dots) and select Edit.
    6. Click Route Filter.
    7. Click the menu icon (three dots) and select Edit.
    8. Click Configureon the Out Filterfield.
    9. Select the prefix-list name previously created.
    10. Click Save.
    11. Click Add  > Apply.
    12. Click Save.
    13. Repeat steps 5-13 to update another BGP neighbor.
    14. Click Close Editing.

    What's next
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: