Regarding this article #76022, I need some clarification.
[VMC on AWS ] Routed network may stop working if 100.64.0.0/10 network address is used as on-prem endpoint device address (76022)
Question:
1) Dedicated network connection from our DC premises to AWS via Direct Connect. The service provider is not using the CGNAT IP segment 100.64.0.0/10 in their network addressing. In such a scenario, is there any IP conflict when on-prem endpoint devices (VMware) use 100.64.x.x/10 IP addresses?
2) Are there any issues if we assign private IP addresses from 100.64.x.x/10 to VMware endpoints in the above scenario?
Please advise.
Hi,
Just to be sure, let me repeat it differently:
You're using this 100.64.0.0/10 network in your on-premises environment and plan to reach it from your VMs located in VMware Cloud on AWS, right?
If so, you need to read this KB explaining it in detail: https://kb.vmware.com/s/article/76022
You will see at the end that resolutions are:
Hope that helps, and looking forward to reading your comments.
Cheers
Hello Nothing_NO and thank you for your question.
As stated in the KB: "VMC also uses this IP range between internal routing components it will create a conflict."
You "may get lucky" with not matching/overlapping IPs, however, as also stated: "If a packet with either a source or a destination address in the 100.64 address space that conflicts with overlapping address space internal to the SDDC, it will be delivered inside the edge and will never egress."
You can also see some more info here: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.networking-security/GUID-...
With that being said, it is highly recommended to NOT use this CIDR.
If, for whatever reason, your networking design does not allow you to avoid this network, I'd highly recommend getting in touch with your specialists to discuss this in detail.
Hope this helps.
Be well & stay safe,
Rick
Hi Bernard,
Thanks for your reply. We are using this 100.64.0.0/10 network in our AWS cloud.
Hi Rick,
Thanks for your reply. I'm new to VMware cloud.
Regarding the KB statement below, could you explain in more detail?
As stated in the KB: "VMC also uses this IP range between internal routing components it will create a conflict."
Inside my subscription, if my network segment (100.64.x) needs to communicate outside (internet) or with the AWS backbone, it should be NATed using a public IP.
In such a case, how will the internal routing components create a conflict?
Hi,
As Rick and I explained to you, this CIDR should not be used, as it will create a conflict with internal routing within VMC between routers for management purposes.
So please use another subnet to avoid any conflict, which won't be supported or solved by our tech support team in case of an issue.
Hope this helps anyway.
Emmanuel
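The check below is an added example written for this thread; it is not code from the KB, from VMware, or from any poster. It takes the one fact the thread relies on, that VMC on AWS uses 100.64.0.0/10 internally so a packet with a source or destination in that space never egresses the edge, and turns it into two pre-deployment checks: which planned segments overlap the reserved range (in either direction, so a planned /24 inside it and a planned /8 that swallows it are both caught), and whether a given source/destination pair would be trapped. The reserved list containing only 100.64.0.0/10 and the sample segments are assumptions constructed for the example.

```python
# Added example, not from the thread or the VMware KB.
# Checks planned network segments against the 100.64.0.0/10 range that
# the KB says VMC on AWS uses between its internal routing components.
import ipaddress
from typing import Iterable, List

# Assumption for this example: the only reserved range is the one the KB names
# (RFC 6598 shared address space, 100.64.0.0 - 100.127.255.255).
RESERVED = [ipaddress.ip_network("100.64.0.0/10")]


def conflicting_segments(segments: Iterable[str]) -> List[str]:
    """Return every planned segment that overlaps a reserved range.

    overlaps() is symmetric, so both a planned subnet that sits inside
    100.64.0.0/10 and a planned supernet that contains it are reported.
    strict=False lets host bits be set, e.g. "100.64.10.5/24".
    """
    conflicts = []
    for seg in segments:
        net = ipaddress.ip_network(seg, strict=False)
        if any(net.overlaps(r) for r in RESERVED):
            conflicts.append(str(net))
    return conflicts


def packet_would_be_trapped(src: str, dst: str) -> bool:
    """True if the source or the destination lies in a reserved range.

    This mirrors the KB's condition: such a packet is delivered inside the
    edge and never egresses, whatever NAT is applied later.
    """
    return any(
        ipaddress.ip_address(addr) in r for addr in (src, dst) for r in RESERVED
    )


# Constructed sample plan: two segments inside the shared space, two outside.
PLANNED = [
    "100.64.10.0/24",    # inside 100.64.0.0/10
    "100.127.255.0/24",  # last /24 of the range, still inside
    "10.20.0.0/16",      # ordinary RFC 1918 space, fine
    "100.128.0.0/24",    # just past the range, fine
]

if __name__ == "__main__":
    print("conflicting segments:", conflicting_segments(PLANNED))
    print("10.20.1.5 -> 100.64.10.7 trapped:",
          packet_would_be_trapped("10.20.1.5", "100.64.10.7"))
```

Run it against the segments you intend to route over Direct Connect before they are provisioned; an empty result from conflicting_segments is the condition the KB's resolution asks for, and packet_would_be_trapped explains why NAT at the edge does not help, since the check applies before the packet reaches it.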