VMware Cloud Community
rherlaar_1
Contributor

External network isolation

Hi all,

I'm able to apply overlapping IP addresses on vCD for different orgs and different VLANs for external networks (so no NAT involved here) - which is obviously cool but just wanted to make sure it's going to work as I expect it to work. I.e. I intend on mapping the unique (external) VLANs to VRFs to ascertain end-2-end isolation of tenant traffic.

I.e., does vCD support overlapping IP ranges for different Organizations and/or different organization vDCs?

Thanks ahead!

Rik

1 Reply
rherlaar_1
Contributor

Answering my own question -

As long as there are no overlapping external networks between Orgs - full network overlap insofar required is supported. Outside the vCD realm - the adjacent network would need to support path isolation (VLANs/VRFs/MPLS-VPN etc.) so effectively sustain the multitenant "concept" end to end through.

In some diagrams I see external networks being shared by different Orgs - which is IMHO a potential use-case to economize on "dear" external resources such as VLANs (restricted to 4K by spec) and VRFs (restricted by platform design) - in such cases it's obvious that IP address allocation must be carefully governed and managed to avoid duplicates - not a big deal in Enterprise / Private cloud but not desirable in Public clouds if tenants want to extend their existing IP numbering plan into a vDC.

Regards

Rik

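As an added example (not part of the original posts and not vCD code), this Python check applies the rule from the reply above: identical IP ranges are accepted when each org sits on its own external network, and flagged when orgs share one. The inventory tuples, org names and VLAN numbers are constructed, and each external network is assumed to map to exactly one VLAN.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample inventory: (org, external network VLAN, first IP, last IP).
# Assumption: one VLAN per external network, mapped 1:1 to a VRF upstream.
ALLOCATIONS = [
    ("OrgA", 101, "10.0.0.10", "10.0.0.50"),
    ("OrgB", 102, "10.0.0.10", "10.0.0.50"),         # same range, own VLAN: isolated
    ("OrgC", 200, "192.168.5.10", "192.168.5.100"),
    ("OrgD", 200, "192.168.5.90", "192.168.5.120"),  # shared VLAN, ranges collide
    ("OrgE", 200, "192.168.5.130", "192.168.5.140"),
]


def find_conflicts(allocations):
    """Return (vlan, org1, org2, first, last) for every address span that two
    different orgs both claim on the same external network."""
    by_vlan = defaultdict(list)
    for org, vlan, first, last in allocations:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            raise ValueError(f"{org}: range {first}-{last} is reversed")
        by_vlan[vlan].append((lo, hi, org))

    conflicts = []
    for vlan in sorted(by_vlan):
        # Overlap across VLANs is never compared: path isolation covers it.
        for (lo1, hi1, org1), (lo2, hi2, org2) in combinations(sorted(by_vlan[vlan]), 2):
            if org1 != org2 and lo2 <= hi1 and lo1 <= hi2:
                conflicts.append(
                    (vlan, org1, org2, str(max(lo1, lo2)), str(min(hi1, hi2)))
                )
    return conflicts


def shared_networks(allocations):
    """Return the VLANs used by more than one org, i.e. the external networks
    where tenant separation depends on address governance."""
    orgs = defaultdict(set)
    for org, vlan, _first, _last in allocations:
        orgs[vlan].add(org)
    return sorted(v for v, members in orgs.items() if len(members) > 1)


if __name__ == "__main__":
    print("shared external networks:", shared_networks(ALLOCATIONS))
    for vlan, a, b, first, last in find_conflicts(ALLOCATIONS):
        print(f"VLAN {vlan}: {a} and {b} both claim {first}-{last}")
```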