When creating a multi-machine template in vCloud Automation Center 6.0, you have to set the transport zone if you want to use a NAT, private or routed network in the multi-machine. The transport zone has to be configured in both the reservation and in the actual multi-machine blueprint. Although the IaaS Configuration for Multi-Machine Services PDF discusses the transport zone, the (vSphere) configuration steps are not well documented.
In the multi-machine blueprint, you select a transport zone which identifies the vSphere endpoint. The multi-machine blueprint and the reservations used in the provisioning must have the same transport zone setting. Transport zones are defined in the NSX and [or] vCloud Networking and Security environments.
An IaaS administrator can use a reservation to assign external networks and routed gateways to network profiles for basic and multi-machine networks, specify the transport zone, and assign security groups to multi-machine components.
In the reservation, you specify a transport zone to indicate the diameter and scope of the compute infrastructure available for network virtualization.
All quotes are taken from the IaaS Configuration for Multi-Machine Services PDF.
In this article I will show you what the transport zone is used for and how to configure it in combination with vSphere and vCloud Networking & Security with VXLAN. An alternative is to configure an NSX based transport zone, which is not covered in this article; Scott Lowe’s blog has articles on how to configure an NSX based transport zone.
What is the vCAC transport zone used for?
The transport zone is used for temporary, internal multi-machine networks. In vCloud Director terminology you would talk about a network pool, which is used to provision vApp networks. A vCD vApp network is only accessible to the vApp; the same applies to the transport zone, which provides networks for internal multi-machine usage.
You’re required to configure a transport zone when you want to configure a NAT, private or routed network for a multi-machine blueprint.
If you’re just connecting the multi-machine blueprint to a normal network, a transport zone is not required.
Before you can define a transport zone at the vCAC level, you first have to set up a VXLAN configuration in vSphere. Some good resources on configuring VXLAN are available online:
The installation of VXLAN consists of the following steps:
- Install vCloud Networking & Security (vCNS, f.k.a. vShield) and connect the appliance to your vSphere environment;
- Configure a vSphere Distributed Switch (vDS) which will be used for VXLAN, and define a carrying VXLAN;
- Open the vCNS interface and complete the preparation steps: Connectivity and SegmentID;
- Define the network scope for your VXLAN; this network scope is your vCAC transport zone;
- You don’t have to setup any virtual wires or edges, this is automatically managed by vCAC.
If everything went fine you have now successfully completed the configuration of VXLAN connectivity, a segment ID and a network scope. With VXLAN you can configure virtual wires, which are isolated logical networks. In the case of vCloud Automation Center, vCAC will create these wires for you.
Configure the transport zone on the vCAC reservations level
The next step is to configure the transport zone on a reservation level in vCloud Automation Center. Navigate to Infrastructure>Reservations>Reservation and select the transport zone under network>advanced. The transport zone is (of course) only available in the reservation that is linked to the cluster you’ve initially configured the VXLAN network scope on.
A vSphere network scope…
…is a vCloud Automation Center transport zone:
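The reservation only offers a transport zone whose network scope spans the reservation’s cluster. As an added example (not part of the original article), the script below checks that offline: the XML is a constructed sample shaped like the vCNS/NSX `GET /api/2.0/vdn/scopes` response (element names are an assumption based on the vShield API), and the cluster MoRef ids are made up.

```python
# Added example: verify that a vCNS/NSX network scope (= vCAC transport zone)
# includes the cluster that backs a vCAC reservation. The XML is constructed
# to resemble GET /api/2.0/vdn/scopes; element names are an assumption, and a
# real check would fetch this document from the vCNS Manager instead.
import xml.etree.ElementTree as ET

SAMPLE_SCOPES_XML = """<vdnScopes>
  <vdnScope>
    <objectId>vdnscope-1</objectId>
    <name>vcac-tz</name>
    <clusters>
      <cluster><cluster><objectId>domain-c7</objectId><name>Cluster-A</name></cluster></cluster>
      <cluster><cluster><objectId>domain-c9</objectId><name>Cluster-B</name></cluster></cluster>
    </clusters>
  </vdnScope>
  <vdnScope>
    <objectId>vdnscope-2</objectId>
    <name>lab-tz</name>
    <clusters>
      <cluster><cluster><objectId>domain-c12</objectId><name>Cluster-C</name></cluster></cluster>
    </clusters>
  </vdnScope>
</vdnScopes>"""


def clusters_in_scope(scopes_xml, scope_name):
    """Return {cluster MoRef id: cluster name} for the named scope, or None if it does not exist."""
    root = ET.fromstring(scopes_xml)
    for scope in root.findall("vdnScope"):
        if scope.findtext("name") == scope_name:
            result = {}
            for wrapper in scope.findall("clusters/cluster"):
                inner = wrapper.find("cluster")  # the API nests cluster inside cluster
                result[inner.findtext("objectId")] = inner.findtext("name")
            return result
    return None


def reservation_can_use_scope(scopes_xml, scope_name, reservation_cluster_id):
    """True only if the scope exists and spans the cluster the reservation is bound to."""
    clusters = clusters_in_scope(scopes_xml, scope_name)
    return clusters is not None and reservation_cluster_id in clusters


if __name__ == "__main__":
    print(clusters_in_scope(SAMPLE_SCOPES_XML, "vcac-tz"))
    print(reservation_can_use_scope(SAMPLE_SCOPES_XML, "vcac-tz", "domain-c9"))   # True
    print(reservation_can_use_scope(SAMPLE_SCOPES_XML, "vcac-tz", "domain-c12"))  # False
```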
Before you can link this transport zone to a multi-machine blueprint, you first have to define a network profile that can be consumed by the multi-machine blueprint. Navigate to Infrastructure>Reservations>Network Profiles. For simplicity, and to test the transport zone, you can configure a private network. A private network is available only to the multi-machine blueprint and is not routed in any way to another LAN. The network profile is a configuration that will be re-used in different multi-machine blueprints.
Other examples are an external, routed or NAT network. You will first need to define an external network if you want to set up a NAT or routed network.
Configure the transport zone on multi-machine blueprint level
Now you can configure the transport zone on a multi-machine blueprint level. Create a new blueprint, include one or more virtual machine (blueprints) to it and configure the transport zone for this blueprint. Also add a private network, based on the configured network profile that was configured in the previous step:
Important: Don’t forget to connect the private network to the virtual machine. Choose Build Information and select edit for one or more of the included blueprints in the multi-machine blueprint. Connect the private network to the blueprints:
The next step is to request the multi-machine blueprint and see how:
- vCAC will deploy the multi-machine blueprint;
- Will create the virtual wire(s) – You can check them in the vCNS interface;
- Deploy a vShield Edge (VSE) – This VSE appliance can be used for networking services (e.g. DHCP), firewalling and routing if required. You can configure the VSE in vCAC as part of the multi-machine blueprint.
- Start your virtual machines and publish your multi-machine instance in the My Items screen.
I hope this article helps to make you understand the transport zone, its role and how it’s configured as part of a multi-machine blueprint.