Nothing_NO
Contributor

article 76022 - 100.64.0.0/10 network address

Regarding this article #76022, I need some clarification.

[VMC on AWS] Routed network may stop working if 100.64.0.0/10 network address is used as on-prem endpoint device address (76022)

Question:

1) Dedicated network connection from our DC premises to AWS via Direct Connect. The service provider is not using the CGNAT IP segment 100.64.0.0/10 in their network addressing. In such a scenario, is there any IP conflict when on-prem endpoint devices (VMware) use 100.64.x.x/10 IP addresses?

2) Are there any issues if we assign private IP addresses from 100.64.x.x/10 to VMware endpoints in the above scenario?

Please advise.

5 Replies
ebernard
Enthusiast

Hi,

Just to be sure, let me repeat it differently.
You're using this 100.64.0.0/10 network in your on premises environment and plan to reach it from your VMs located in VMware Cloud on AWS, right?

If so, you need to read this KB explaining it in details: https://kb.vmware.com/s/article/76022 

You will see at the end that resolutions are:

  • Do not use the IP range - (100.64.0.0–100.127.255.255) addresses. They are always meant to be intermediary relay hops that are internal to the carrier networks.
  • VMC uses the same network and specification to implement CGN style networking between the VMC Edge routers in internal routing components which can create a conflict.
  • SDDCs that were created using version 1.10 or later have a smaller allocation of 100.64.0.0/16 instead of the entire 100.64.0.0/10 block. Address space other than the 100.64.0.0/16 block can be used for endpoints.
  • SDDCs that were upgraded from releases prior to 1.10 do not reflect this change and will continue to have the 100.64.0.0/10 allocation present.
  • VMC also uses this IP range between internal routing components it will create a conflict.
  • If a packet with either a source or a destination address in the 100.64 address space that conflicts with overlapping address space internal to the SDDC, it will be delivered inside the edge and will never egress.

Hope that helps, and I'm looking forward to reading your comments.
Cheers

Emmanuel BERNARD
Lead Solution Engineer | VMware Cloud | EMEA

Please mark "Helpful" or "Correct Answer" if applies. Appreciate it.
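An added example (not part of this thread or of VMware's KB) that turns the bullets above into a check a practitioner can run before assigning addresses: it classifies a list of on-prem or endpoint prefixes against the block the SDDC keeps for its internal routing (the whole 100.64.0.0/10 for SDDCs created before 1.10 or upgraded from such a release, 100.64.0.0/16 for SDDCs created on 1.10 or later) and lists the part of the CGNAT range that lies outside that allocation. The two allocation sizes are the ones the KB states; the function names, the status labels and the sample prefixes are assumptions of this example.

```python
"""Check endpoint prefixes against the 100.64.0.0/10 space an SDDC keeps internally.

Added example for this thread, not VMware's code. The two allocation sizes are the
ones KB 76022 states; everything else here (names, labels, samples) is illustrative.
"""
import ipaddress
from typing import Dict, Iterable, List

# RFC 6598 shared address space (CGNAT): the range the KB says not to use at all.
CGNAT_SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")
# What the SDDC reserves for its internal routing components, per the KB:
ALLOCATION_PRE_1_10 = ipaddress.ip_network("100.64.0.0/10")   # created before 1.10, or upgraded from it
ALLOCATION_1_10_PLUS = ipaddress.ip_network("100.64.0.0/16")  # created on 1.10 or later

# Status labels are this example's own naming, not KB terminology.
CONFLICT = "conflict"                               # overlaps the SDDC's internal allocation
CGNAT_UNRESERVED = "cgnat-outside-sddc-allocation"  # in 100.64/10 but outside the allocation
OK = "ok"                                           # outside the CGNAT range entirely


def sddc_internal_allocation(created_on_1_10_or_later: bool) -> ipaddress.IPv4Network:
    """Block the SDDC keeps for internal routing. The flag refers to the release the
    SDDC was *created* on: an SDDC upgraded from a pre-1.10 release keeps the /10."""
    return ALLOCATION_1_10_PLUS if created_on_1_10_or_later else ALLOCATION_PRE_1_10


def classify_prefix(prefix: str, allocation: ipaddress.IPv4Network) -> str:
    """Classify one on-prem/endpoint prefix (host bits allowed, e.g. '100.64.10.5/24')."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 4:
        return OK                       # the CGNAT overlap described in the KB is IPv4-only
    if net.overlaps(allocation):
        return CONFLICT
    if net.overlaps(CGNAT_SHARED_SPACE):
        return CGNAT_UNRESERVED
    return OK


def check_prefixes(prefixes: Iterable[str], created_on_1_10_or_later: bool) -> Dict[str, str]:
    """Map each prefix to its status for the given SDDC generation."""
    allocation = sddc_internal_allocation(created_on_1_10_or_later)
    return {p: classify_prefix(p, allocation) for p in prefixes}


def conflicting_prefixes(prefixes: Iterable[str], created_on_1_10_or_later: bool) -> List[str]:
    """Prefixes whose traffic, per the KB, would be delivered inside the edge and never egress."""
    return [p for p, status in check_prefixes(prefixes, created_on_1_10_or_later).items()
            if status == CONFLICT]


def cgnat_space_outside_allocation(allocation: ipaddress.IPv4Network) -> List[ipaddress.IPv4Network]:
    """CGNAT blocks left over once the SDDC allocation is carved out, lowest address
    first. Empty when the SDDC holds the whole /10."""
    if allocation == CGNAT_SHARED_SPACE:
        return []
    return sorted(CGNAT_SHARED_SPACE.address_exclude(allocation))


if __name__ == "__main__":
    # Constructed sample: three CGNAT prefixes and one RFC 1918 prefix.
    sample = ["100.64.10.0/24", "100.70.0.0/16", "100.127.0.0/24", "10.1.0.0/16"]
    for generation, flag in (("SDDC created before 1.10 (or upgraded from it)", False),
                             ("SDDC created on 1.10 or later", True)):
        print(generation)
        for prefix, status in check_prefixes(sample, flag).items():
            print(f"  {prefix:<16} {status}")
    print("CGNAT space outside a 1.10+ allocation:",
          [str(n) for n in cgnat_space_outside_allocation(ALLOCATION_1_10_PLUS)])
```

Running the script shows the difference the KB's third bullet makes: against a pre-1.10 allocation every 100.64/10 prefix is a conflict, while against a 1.10+ SDDC only prefixes inside 100.64.0.0/16 conflict and the rest of the range is reported separately, so the KB's first bullet (avoid the whole CGNAT range) can still be applied as policy.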
Rick_Star
VMware Employee

Hello Nothing_NO and thank you for your question.

As stated in the KB: "VMC also uses this IP range between internal routing components it will create a conflict."

You "may get lucky" with not matching/overlapping IPs, however, as also stated: "If a packet with either a source or a destination address in the 100.64 address space that conflicts with overlapping address space internal to the SDDC, it will be delivered inside the edge and will never egress."

You can also see some more Info here: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.networking-security/GUID-...


With that being said, it is highly recommended to NOT use this CIDR. 
If - for whatever reason - your networking design does not allow you to avoid this network, I'd highly recommend getting in touch with your specialists to discuss this in detail.

Hope this helps. 

Be well & stay safe,

Rick

Rick Hoffmann
Cloud Customer Success Architect - VMware Cloud
VMware Inc.
http://cloudsuccess.blog
Nothing_NO
Contributor

Hi Bernard,

Thanks for your reply. We are using this 100.64.0.0/10 network in our AWS cloud.
Nothing_NO
Contributor

Hi Rick,

Thanks for your reply. I'm new to VMware Cloud.

Regarding the KB statement below, could you explain in more detail?

As stated in the KB: "VMC also uses this IP range between internal routing components it will create a conflict."

Inside my subscription, if my network (100.64.x) segment needs to communicate outside (internet) or with the AWS backbone, it should be NATted using a public IP.

In such a case, how will the internal routing components create a conflict?

ebernard
Enthusiast

Hi,

As Rick and I explained to you, this CIDR should not be used, as it will create a conflict with internal routing within VMC between routers for management purposes.
So please use another subnet to avoid any conflict, which won't be supported or solved by our tech support team in case of issue.

Hope this helps anyway

Emmanuel

Emmanuel BERNARD
Lead Solution Engineer | VMware Cloud | EMEA

Please mark "Helpful" or "Correct Answer" if applies. Appreciate it.