Subnets on VMware Engine

Google Cloud VMware Engine creates a network per region in which your VMware Engine service is deployed. The network is a single TCP Layer 3 address space with routing enabled by default. All private clouds and subnets created in this region can communicate with each other without any additional configuration. You can create network segments (subnets) using NSX-T for your workload virtual machines.

VLANs and subnets.

Management VLANs

Google creates a VLAN (Layer 2 network) for each private cloud. The Layer 2 traffic stays within the boundary of a private cloud, letting you isolate the local traffic within the private cloud. These VLANs are used for management network. For workload virtual machines, you must create network segments on NSX-T manager for your private cloud.

Subnets

You must create a network segment on the NSX-T manager for your private cloud. A single private Layer 3 address space is assigned per customer and region. You can configure any RFC 1918 that doesn't overlap with other networks in your private cloud, on-premises network, management network of your private cloud, or any VPC subnets.

All subnets can communicate with each other by default, reducing the configuration overhead for routing between private cloud. East-west data across private clouds in the same region stays in the same Layer 3 network and transfers over the local network infrastructure within the region. No egress is required for communication between private clouds in a region. This approach eliminates any WAN/egress performance penalty in deploying different workloads in different private clouds of the same project.

vSphere/vSAN subnets CIDR range

A private cloud is an isolated VMware stack (ESXi hosts, vCenter, vSAN, and NSX) environment managed by a vCenter server. Management components are deployed in the network selected for vSphere/vSAN subnets CIDR. The network CIDR range is divided into different subnets during the deployment.

  • Minimum vSphere/vSAN subnets CIDR range prefix: /24
  • Maximum vSphere/vSAN subnets CIDR range prefix: /21

vSphere/vSAN subnets CIDR range limits

Selecting the vSphere/vSAN subnets CIDR range size affects the size of your your private cloud. The following table shows the maximum number of nodes you can have, based on the size of the vSphere/vSAN subnets CIDR.

Specified vSphere/vSAN subnets CIDR prefix length Maximum number of nodes
/24 26
/23 58
/22 118
/21 220

Management subnets created on a private cloud

When you create a private cloud, the following management subnets are created:

  • System management: VLAN and subnet for ESXi hosts' management network, DNS server, vCenter server
  • VMotion: VLAN and subnet for ESXi hosts' vMotion network
  • VSAN: VLAN and subnet for ESXi hosts' vSAN network
  • NsxtEdgeUplink1: VLAN and subnet for VLAN uplinks to an external network
  • NsxtEdgeUplink2: VLAN and subnet for VLAN uplinks to an external network
  • NsxtEdgeTransport: VLAN and subnet for transport zones control the reach of Layer 2 networks in NSX-T
  • NsxtHostTransport: VLAN and subnet for host transport zone

Management network CIDR range breakdown

The vSphere/vSAN subnets CIDR range you specify is divided into multiple subnets. The following table shows an example of the breakdown for allowed prefixes. The example uses 192.168.0.0 as the CIDR range.

Example:

Specified vSphere/vSAN subnets CIDR/prefix 192.168.0.0/21 192.168.0.0/22 192.168.0.0/23 192.168.0.0/24
System management 192.168.0.0/24 192.168.0.0/24 192.168.0.0/25 192.168.0.0/26
vMotion 192.168.1.0/24 192.168.1.0/25 192.168.0.128/26 192.168.0.64/27
vSAN 192.168.2.0/24 192.168.1.128/25 192.168.0.192/26 192.168.0.96/27
NSX-T host transport 192.168.4.0/23 192.168.2.0/24 192.168.1.0/25 192.168.0.128/26
NSX-T edge transport 192.168.7.208/28 192.168.3.208/28 192.168.1.208/28 192.168.0.208/28
NSX-T edge uplink1 192.168.7.224/28 192.168.3.224/28 192.168.1.224/28 192.168.0.224/28
NSX-T edge uplink2 192.168.7.240/28 192.168.3.240/28 192.168.1.240/28 192.168.0.240/28

HCX deployment network CIDR range

When you create a private cloud on VMware Engine, HCX is installed on the private cloud automatically. You can specify a network CIDR range for use by HCX components. The CIDR range must be /27 or higher.

The network provided is split into three subnets. HCX manager is installed in the HCX management subnet. The HCX vMotion subnet is used for vMotion of virtual machines between your on-premises environment and VMware Engine private cloud. The HCX WANUplink subnet is used for establishing the tunnel between your on-premises environment and VMware Engine private cloud.

What's next