VMware vCloud vCloud Air User guide

vCloud Air Advanced Networking

Services Guide

vCloud Air

This document supports the version of each product listed and

supports all subsequent versions until the document is

replaced by a new edition. To check for more recent editions

of this document, see http://www.vmware.com/support/pubs.

EN----00

vCloud Air Advanced Networking Services Guide

2 VMware, Inc.

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

Copyright

©

VMware, Inc.

3401 Hillview Ave.

Palo Alto, CA 94304

www.vmware.com

Contents

Preface 5

1

Introducing Advanced Networking Services for vCloud Air 7

Upgrade an Edge Gateway to Advanced Networking Services 7

Log In and Navigate to Advanced Networking Services 9

Statistics and Logs for Advanced Networking Services 11

2

Advanced Routing for vCloud Air 15

Specify Global Configuration 15

Add a Static Route 16

Configure BGP 17

Configure OSPF 18

Configure Route Redistribution 20

3

Certificate and Security Group Management 23

Certificate Management in vCloud Air 23

Generate a Certificate Signing Request 23

Configure a CA Signed Certificate 24

Configure a Self-Signed Certificate 25

Add a Certificate 25

Add a Certificate Revocation List 26

Security Objects in vCloud Air 26

Create an IP Address Group 26

Create a Service 27

Create a Service Group 27

4

Network Security and Isolation 29

Types of Firewalls in vCloud Air 29

Edge Gateway Firewall 29

Firewall for Trust Groups 30

Manage Edge Gateway Firewall Rules 30

Add an Edge Gateway Firewall Rule 31

Edit an Edge Gateway Firewall Rule 33

Change the Order of a Gateway Firewall Rule 34

Manage Trust Groups Firewall Rules 35

Add a Trust Groups Firewall Rule 35

Edit a Trust Groups Firewall Rule 38

5

Load Balancing 39

Set Up Load Balancing 39

Configure the Load Balancer Service 40

VMware, Inc.

3

Create an Application Profile 40

Create a Service Monitor 43

Add a Server Pool 45

Add a Virtual Server 46

Add an Application Rule 47

6

Secure Access Using Virtual Private Networks 49

SSL VPN-Plus Overview 49

About Configuring SSL VPN-Plus 50

Configure Server Settings 51

Add an IP Pool 52

Add a Private Network 53

Add an Authentication Server 54

Add an Installation Package 56

Add an SSL VPN-Plus User 57

Add a Web Resource for SSL VPN-Plus Access 58

Edit Client Configuration 59

Add a Script 60

Edit the Default SSL VPN-Plus Settings 60

Customize the Portal Design 61

IPsec VPN Overview 61

About Setting up an IPsec VPN Connection 62

Specify Global IPsec VPN Configuration 62

Set up an IPsec VPN Connection to a Remote Site 63

7

IP Service Management: NAT and DHCP 67

Network Address Translation (NAT) 67

Add an SNAT or DNAT Rule 68

DHCP Service 69

Add a DHCP IP Pool 70

Add a DHCP Static Binding 70

Index 73

vCloud Air Advanced Networking Services Guide

4 VMware, Inc.

Preface

The vCloud Air Advanced Networking Services Guide provides information about configuring networking for

VMware

®

vCloud Air Advanced Networking Services, including how to configure dynamic routing,

firewall rules, load balancing, and VPN access.

Intended Audience

This guide is intended for network administrators and virtual administrators who will be configuring

networking in vCloud Air. The information is written for experienced administrators who are familiar with

virtual machine technology and networking concepts.

Related Documentation

Configuring networking for vCloud Air includes configuring basic and advanced networking features. See

the vCloud Air Networking Guide for a description of the default network setup, how to add networks to

vCloud Air, how to add gateways to your Dedicated Cloud subscription service, and how to add virtual

machines to networks.

See also the vCloud Air User's Guide for information about the features available for your vCloud Air

Dedicated Cloud subscription service and Virtual Private Cloud subscription service.

VMware Technical Publications Glossary

VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions

of terms as they are used in VMware technical documentation, go to

http://www.vmware.com/support/pubs.

VMware, Inc.

5

vCloud Air Advanced Networking Services Guide

6 VMware, Inc.

Introducing

Advanced Networking Services for

vCloud Air 1

VMware vCloud™ Air

®

Advanced Networking Services, powered by the VMware NSX™ network

virtualization platform, offer enhanced security controls and routing, and network scaling capabilities in the

cloud.

vCloud Air Advanced Networking Services allow customers to achieve unprecedented security and

isolation in a public cloud. Advanced Networking Services deliver the following benefits:

n

Dynamic Routing: Support routing protocols such as Border Gateway Protocol (BGP) and Open

Shortest Path First (OSPF) to simplify network integration between on-premises and cloud-based

environment, allowing for redundancy and continuity in cloud-hosted application deployment.

n

Fine-grained network security and isolation: Support the use of object-based rule definitions to provide

stateful network traffic isolation without requiring multiple virtual networks. Unique in the public

cloud market, this "zero trust" security model prevents intruders from gaining full network access if an

application or virtual machine is compromised. Advanced Networking Services dramatically simplify

network configuration by leveraging the same network security policies to protect applications on-

premises and in the cloud and extend your zero trust security model for portable security no matter

where an application is deployed.

n

Additional Advanced Networking Services: Enhanced VPN support for point-to-site (IPsec VPN) and

user (SSL VPN) connectivity, enhanced load balancing for HTTPS, and expanded network scalability.

This chapter includes the following topics:

n

“Upgrade an Edge Gateway to Advanced Networking Services,” on page 7

n

“Log In and Navigate to Advanced Networking Services,” on page 9

n

“Statistics and Logs for Advanced Networking Services,” on page 11

Upgrade an Edge Gateway to Advanced Networking Services

Upgrade an edge gateway in your vCloud Air deployment to leverage the new

Advanced Networking Services features and functionality.

You upgrade to Advanced Networking Services on a gateway-by-gateway basis. Meaning, you select which

edge gateways to upgrade and during the upgrade process, you can continue to operate edge gateways

leveraging the existing VMware network technology. See the vCloud Air Networking Guide for

information.

VMware, Inc.

7

When you upgrade an edge gateway to Advanced Networking Services, the edge gateway configuration is

maintained through the upgrade; for example, if you configured firewall rules or load balancing, the edge

gateway will maintain the firewall settings and be configured for load balancing after the upgrade.

NOTE After upgrading an edge gateway, you cannot revert the edge gateway to its previous state.

Additionally, if you are an API user, the APIs change post-upgrade to enable the new features and

functionality.

Prerequisites

To upgrade an edge gateway to Advanced Networking Services, you must meet these prerequisites:

n

You have a license for Advanced Networking Services. Contact your VMware Customer Success Team

representative for information. If you have not obtained a license, upgrading an edge gateway will not

succeed.

n

You have subscribed to a vCloud Air Virtual Private Cloud or Dedicated Cloud subscription service

and have configured networking using the basic networking features.

Procedure

1 Go to https://vca.vmware.com and log in to vCloud Air using your user name and password.

The VMware vCloud Air services page appears.

2 Click the My Subscriptions tile.

The VMware vCloud Air Dashboard appears.

3 Click the Gateways tab and click the tile for the gateway you want to upgrade.

4 Click Manage in vCloud Director.

vCloud Director opens in a new browser tab and the Org VDC Networks tab is displayed.

5 Click the Edge Gateways tab.

The gateways located in the virtual data center appear.

6 Click the gateway that you want to upgrade, right click and select Convert to Advanced Networking.

The Convert to advanced networking dialog box appears. The dialog box provides information about

upgrading to the new APIs for Advanced Networking Services.

NOTE If the option Convert to Advanced Networking is unavailable, this means that the edge gateway

has already been upgraded or you do not have a license for this operation.

7 Click Yes to proceed with the upgrade.

The upgrade can take a few minutes to complete in vCloud Director.

Before you upgrade an edge gateway, the vCloud Air Web UI has the following functionality available for

you to configure these basic networking functions:

vCloud Air Advanced Networking Services Guide

8 VMware, Inc.

Figure 1‑1. vCloud Air Air Gateway Before Upgrade

After you upgrade an edge gateway, the networking functionality available in the vCloud Air Web UI

changes.

Figure 1‑2. vCloud Air Gateway After Upgrade

After an upgrade, the tabs for configuring NAT and firewall rules are moved to thevCloud Director Web UI

to match the NSX user experience. Click Manage in vCloud Director to navigate to the

Advanced Networking Services UI where you configure those functions (and others) for your vCloud Air

environment.

vCloud Air maintains your existing, pre-upgrade network configuration after the upgrade.

Log In and Navigate to Advanced Networking Services

You access the Advanced Networking Services Web UI on a per edge gateway basis. After you upgrade an

edge gateway to Advanced Networking Services, have access to all the advanced networking features for

that edge gateway.

You can still use the VMware vCloud Air Web UI to configure basic networking features for your VMware

vCloud Air environment, such as creating networks, assigning virtual machines to networks, and allocating

IP addresses to your edge gateways. See the vCloud Air Networking Guide for information about using the

basic network features.

Prerequisites

To access Advanced Networking Services for an edge gateway, you must meet these prerequisites:

n

Sign into your vCloud Air subscription service by using a supported browser. See Supported Browsers

for vCloud Air in the vCloud Air User's Guide for information.

n

Have upgraded the edge gateway that you want to access to Advanced Networking Services. See

“Upgrade an Edge Gateway to Advanced Networking Services,” on page 7 for information.

Chapter 1 Introducing Advanced Networking Services for vCloud Air

VMware, Inc. 9

Procedure

1 Go to https://vca.vmware.com and log in to vCloud Air using your user name and password.

If you are logging in to vCloud Air for the first time, see Sign In to vCloud Air in the vCloud Air User's

Guide for information.

The VMware vCloud Air services page appears.

2 Click the My Subscriptions tile.

The VMware vCloud Air Dashboard appears.

3 Click the Gateways tab and click the tile for the gateway you want to mange.

4 Click Manage in vCloud Director.

vCloud Director opens in a new browser tab and the Org VDC Networks tab is displayed.

5 Click the Edge Gateways tab.

The gateways located in the virtual data center appear.

6 Select the gateway, right click and select Edge Gateway Services.

VMware vCloud Edge Gateway Services appears in a new browser tab. By default, the Dashboard tab

is selected.

NOTE If the edge gateway has not been upgraded, selecting Edge Gateway Services displays the

vCloud Director edge gateway UI. Additionally, when you right click and display the edge gateway

menu, you see that the option Convert to Advanced Networking is available, indicating that the edge

gateway has not been upgraded to Advanced Networking Services.

7 Select a tab to configure that advanced networking feature.

NOTE To access the Trust Group feature, navigate to the virtual data center and manage the firewall

settings. See “Add a Trust Groups Firewall Rule,” on page 35 for information.

vCloud Air Advanced Networking Services Guide

10 VMware, Inc.

Statistics and Logs for Advanced Networking Services

You can view statistics and access logs for the edge gateways deployed for Advanced Networking Services.

Statistics

Navigate to an edge gateway in vCloud Director, right click and select Edge Gateway Services. VMware

vCloud Edge Gateway Services appears in a new browser tab. By default the Dashboard tab is selected.

Statistics and status information are accessible from the following areas of Advanced Networking Services:

n

Dashboard

n

SSL VPN-Plus

n

IPsec VPN

n

Firewall Rules—Edge Gateway and Trust Groups

Dashboard

The Dashboard provides operational visibility for Advanced Networking Services. The Dashboard displays

graphs for the traffic flowing through the interfaces of the selected edge gateway and connection statistics

for the firewall and load balancer services.

NOTE For additional statistics and historical data, you can configure vRealize Operations to query more

advanced data and historical metrics.

Select the period for which you want to view the statistics.

SSL VPN-Plus Dashboard

The dashboard displays the status of the service, number of active SSL VPN sessions, and session statistics

and data flow details. Click Details next to Number of Active Sessions to view information about the

concurrent connections to private networks behind the edge gateway.

Chapter 1 Introducing Advanced Networking Services for vCloud Air

VMware, Inc. 11

Figure 1‑3. Statistics on the SSL VPN-Plus Dashboard

IPsec VPN

Click the IPSEC VPN tab > Show IPsec Statistics to display the status of the tunnel.

Firewall Rules

You can view statistics for edge gateway firewall rules and Trust Group firewall rules in the following ways:

1 Navigate to a Firewall tab:

n

For an edge gateway firewall rule, see “Log In and Navigate to Advanced Networking Services,”

on page 9.

n

For a Trust Group firewall rule, see “Add a Trust Groups Firewall Rule,” on page 35.

vCloud Air Advanced Networking Services Guide

12 VMware, Inc.

2

On the Firewall tab, click

(column display icon) and select the Stats check box.

The page refreshes and the Stats column appears in the table.

3

Click (the stats icon) for a rule.

Figure 1‑4. Statistics for an Edge Gateway Firewall Rule

You can view the traffic related to the rule—traffic packets and size.

Figure 1‑5. Statistics for a Trust Group firewall rule

Logs

You can enable logging an edge gateway for all the major features in Advanced Networking Services:

Table 1‑1. How To Enable Logging Per Feature

Navigation for Feature Description

Firewall tab > Action cell of a rule and click ] > Log

option

Logs all sessions matching this rule.

DHCP > DHCP Service Status > Enable logging check box

NAT > Add ( ) icon > Add DNAT Rule or Add SNAT

Rule > Enable logging check box

Logs the address translation.

Routing tab > Global Configuration > Dynamic Routing

Configuration > Edit > Enable Logging check box

Load Balancer tab > Global Configuration > Edit > Logging

check box

IPSEC VPN tab > Logging Policy section > Enable logging

check box

Logs the traffic flow between the local subnet and peer

subnet.

SSL VPN-Plus tab > Server Settings > Logging Policy >

Change > Enable logging check box

SSL VPN-Plus tab > General Settings > Change > Enable

logging check box

Maintains a log of the traffic passing through the SSL VPN

gateway.

Collecting log data is a multi-step process:

1 Enable logging for the features for which you need log data as described in the table above.

Chapter 1 Introducing Advanced Networking Services for vCloud Air

VMware, Inc. 13

2 Configure a syslog server to receive the log data. See Capturing vCloud Air Edge Gateway Data with

Syslog in the VMware vCloud Blog.

The logged data is accessible via your configured syslog server.

vCloud Air Advanced Networking Services Guide

14 VMware, Inc.

Advanced Routing for vCloud Air 2

You can specify static and dynamic routing for each edge gateway in vCloud Air.

To enable dynamic routing, you can configure an edge gateway using the Border Gateway Protocol (BGP) or

the Open Shortest Path First (OSPF) protocol.

This chapter includes the following topics:

n

“Specify Global Configuration,” on page 15

n

“Add a Static Route,” on page 16

n

“Configure BGP,” on page 17

n

“Configure OSPF,” on page 18

n

“Configure Route Redistribution,” on page 20

Specify Global Configuration

You can configure the default edge gateway for static routes and specify dynamic routing details for an edge

gateway.

Procedure

1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.

2 Click the Routing tab and Global Configuration.

3 To enable Equal-cost multi-path routing (ECMP), click Enable next to ECMP.

ECMP is a routing strategy that allows next-hop packet forwarding to a single destination can occur

over multiple best paths. These best paths can be added statically or as a result of metric calculations by

dynamic routing protocols like OSPF or BGP. Multiple paths for static routes can be added by

providing multiple next hops separated by commas in the Static Routes dialog box.

See “Add a Static Route,” on page 16 for information.

The edge gateway utilizes Linux network stack implementation, a roundrobin algorithm with a

randomness component. After a next hop is selected for a particular source and destination IP address

pair, the route cache stores the selected next hop. All packets for that flow go to the selected next hop.

The default IPv4 route cache timeout is 300 seconds (gc_timeout). When an entry is inactive for this

time, it is eligible to be removed from the route cache. The actual removal happens when the garbage

collection timer activates (gc_interval = 60 seconds).

VMware, Inc.

15

4 To specify the default gateway, click Edit next to Default Gateway.

a Select an interface from which the next hop towards the destination network can be reached.

b Type the gateway IP address if required.

c Edit the MTU if required and type a description.

d Click Save.

5 To configure dynamic routing, click Edit next to Dynamic Routing Configuration.

NOTE If you have IPsec VPN configured in your environment, you should not use dynamic routing.

a Select the router ID.

The Router ID list displays the first uplink IP address of the edge gateway that pushes routes to the

kernel for dynamic routing.

b Select Enable Logging to save logging information and select the log level.

c Click OK.

6 Click Publish Changes.

What to do next

To delete routing configuration, click Reset. This deletes all routing configurations (default, static, OSPF,

and BGP configurations, as well as route redistribution).

Configure route redistribution. See “Configure Route Redistribution,” on page 20.

Configure dynamic routing. See the following topics:

n

“Configure BGP,” on page 17

n

“Configure OSPF,” on page 18

Add a Static Route

You can add a static route for a destination subnet or host.

Procedure

1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.

2 Click the Routing tab and Static Routes.

3

Click the Add (

) icon.

The Add Static Route dialog box appears.

4 Configure the following options for the static route:

Option Description

Network

Type the Network in CIDR notation.

Next Hop

Type the IP address of the Next Hop.

The router must be able to directly reach the next hop.

When ECMP is enabled, you can type multiple next hops. See “Specify

Global Configuration,” on page 15 for information.

Interface

Select the interface on which you want to add a static route.

vCloud Air Advanced Networking Services Guide

16 VMware, Inc.

Option Description

MTU

Edit the maximum transmission value for the data packets if required.

The MTU value cannot be higher than the MTU value set on the edge

gateway interface. See “Specify Global Configuration,” on page 15 for

information about he MTU set for the default edge gateway.

Description

(Optional) Type a description for the static route.

5 Click OK.

What to do next

Configure a NAT rule for the static route. See “Add an SNAT or DNAT Rule,” on page 68 .

Add a firewall rule to allow traffic to traverse the static route. See the following topics:

n

“Add an Edge Gateway Firewall Rule,” on page 31

n

“Add a Trust Groups Firewall Rule,” on page 35

Configure BGP

You can configure Border Gateway Protocol for vCloud Air to exchange routes between your on-premises

border devices and vCloud Air. BGP makes core routing decisions by using a table of IP networks or

prefixes, which designate network reachability among multiple autonomous systems.

The BGP border devices established a connection before any routing information is exchanged. After

establishing the connection, the border devices exchange routes and synchronize their tables. Each border

device sends keepalive messages to keep this relationship alive.

Procedure

1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.

2 Click the Routing tab and BGP.

3 In BGP Configuration, complete the BGP options:

a Click Edit next to BGP Configuration.

b Click Enable BGP.

c For packet forwarding to be uninterrupted during restart of BGP services, select Enable Graceful

Restart.

d To allow the edge gateway to advertise itself as a default gateway to its peers, select Enable

Default Originate.

e Type a value (a globally unique number between 1-65534) for the Local AS.

vCloud Air assigns the local autonomous system (AS) number to the edge gateway you are

configuring and advertises the local AS when the edge gateway peers with routers in other

autonomous systems. The path of ASs that a route traverses is used as one metric when selecting

the best path to a destination.

f Click OK.

4 In Neighbors, configure the routing neighbors:

a

Click the Add ( ) icon.

b Type the IP address of your on-premises border device that vCloud Air connect to.

Chapter 2 Advanced Routing for vCloud Air

VMware, Inc. 17

c Type a value (a globally unique number between 1-65534) for the Remote AS.

vCloud Air assigns the remote AS number to the border device you are creating the connection for.

d If necessary, edit the default weight for the neighbor connection.

e If necessary, edit the default interval for the Keep Alive Time.

f If necessary, edit the default interval for the Hold Down Time.

The edge gateway uses the standard, default values for the keep alive timer (60 seconds) and the

hold down timer. The default value for the hold down timer is 3xkeepalive or 180 seconds. Once

peering between two neighbors is achieved, the edge gateway starts a hold down timer. Every

keep alive message it receives from the neighbor resets the hold down timer to 0. If the edge

gateway fails to receive three consecutive keep alive messages, so that the hold down timer reaches

180 seconds, the edge gateway considers the neighbor down and deletes the routes from this

neighbor.

g In Password, type the authentication password.

Each segment sent on the connection between the neighbors is verified. MD5 authentication must

be configured with the same password on both BGP neighbors, otherwise, the connection between

them will not be made.

5

To specify route filtering from a neighbor using an prefix list, click the Add (

) icon in the BGP Filters

area and configure the following options:

CAUTION A "block all" rule is enforced at the end of the filters.

a Select the direction to indicate whether you are filtering traffic to or from the neighbor.

b Select the action to indicate whether you are allowing or denying traffic.

c Type the network in CIDR format that you want to filter to or from the neighbor.

d Type the IP prefixes that are to be filtered and click OK.

6 Click Publish Changes.

What to do next

Add a firewall rule that allows traffic to and from the remote border device in your on-premises data center.

See “Add an Edge Gateway Firewall Rule,” on page 31 for information.

Configure BGP in your on-premises data center for the remote border device that vCloud Air is connecting

to using the AS values and password you set in vCloud Air. These values must match on both sides of the

connection.

Configure OSPF

The edge gateway supports OSPF, an interior gateway protocol that routes IP packets only within a single

routing domain. Configure OSPF in vCloud Air to exchange routing information between edge gateways in

vCloud Air.

Use OSPF to gather link state information from available routers and construct a topology map of the

network. The topology determines the routing table presented to the Internet layer, which makes routing

decisions based on the destination IP address found in IP packets.

OSPF routing policies provide a dynamic process of traffic load balancing between routes of equal cost. An

OSPF network is divided into routing areas to optimize traffic flow and limit the size of routing tables. An

area is a logical collection of OSPF networks, routers, and links that have the same area identification. Areas

are identified by an Area ID.

vCloud Air Advanced Networking Services Guide

18 VMware, Inc.

Prerequisites

A Router ID must have been selected. “Specify Global Configuration,” on page 15

Procedure

1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.

2 Click the Routing tab and OSPF.

3 In OSPF Configuration, complete the OSPF options:

a Click Edit next to OSPF Configuration.

b Select Enable OSPF.

c For packet forwarding to be uninterrupted during restart of OSPF services, select Enable Graceful

Restart.

d To allow the edge gateway to advertise itself as a default gateway to its peers, select Enable

Default Originate.

e Click OK.

4 In Area Definitions, configure the OSPF areas:

a Delete the not-so-stubby area (NSSA) 51 that is configured by default.

b

Click the Add (

) icon.

c Type an area ID.

The edge gateway supports an area ID in the form of an IP address or decimal number.

d In Type, select Normal or NSSA.

NSSAs prevent the flooding of AS-external link-state advertisements (LSAs) into NSSAs. They rely

on default routing to external destinations. Hence, NSSAs must be placed at the edge of an OSPF

routing domain. NSSA can import external routes into the OSPF routing domain, thereby

providing transit service to small routing domains that are not part of the OSPF routing domain.

e In Authentication, select Password or MD5 and type the password or MD5 key, respectively, for

the value.

n

Password: In this method of authentication, a password is included in the transmitted packet.

n

MD5: This authentication method uses MD5 (Message Digest type 5 ) encryption. An MD5

checksum is included in the transmitted packet.

5 In Area to Interface Mapping, map interfaces to areas by completing the following steps:

a

In Area Definitions, click the Add ( ) icon.

b From the vNIC drop-down list, select the interface that you want to map to the OSPF area. The

interface specifies the external network that both edge gateways are connected to.

c Type an Area ID. The edge gateway supports an area ID in the form of an IP address or decimal

number.

Chapter 2 Advanced Routing for vCloud Air

VMware, Inc. 19

d (Optional) Select Ignore Interface MTU Settings to disable MTU mismatch detection on received

Database Descriptor (DBD) packets.

When configuring OSPF, routers connected to the same shared subnet should have the same MTU

setting. However, you can force OSPF neighbors to establish a session even when their interface

MTU settings do not match. Use caution when selecting this setting because it can lead to packet

drops and cause the adjacency to reset repeatedly.

e (Optional) Expand the Advanced section and complete the following options.

NOTE vCloud Air provides a default value for each option. You can accept these default values or

edit them for your environment.

Option Description

Hello Interval

Specifies the default interval between hello packets that are sent on the

interface.

Dead Interval

Specifies the default interval during which at least one hello packet

must be received from a neighbor before the router declares that

neighbor down.

Priority

Specifies the default priority of the interface. The interface with the

highest priority is the designated router.

Cost

Specifies the default overhead required to send packets across that

interface. The cost of an interface is inversely proportional to the

bandwidth of that interface. The larger the bandwidth, the smaller the

cost.

6 Click Publish Changes.

What to do next

Add a firewall rule that allows traffic between the edge gateways in vCloud Air that you are configuring

OSPF routing for. See “Add an Edge Gateway Firewall Rule,” on page 31 for information.

Configure OSPF on the other edge gateways in vCloud Air that you want to exchange routing information

with.

Configure Route Redistribution

By default, routers share routes with other routers running the same protocol. In a multi-protocol

environment, you must configure route redistribution for cross-protocol route sharing.

Procedure

1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.

2 Click the Routing tab and Route Redistribution.

3 Click Edit next to Route Redistribution Status.

4 Select the protocols for which you want to enable route redistribution and click OK.

5 To add an IP prefix, perform the following steps:

a

Click the Add (

) icon in IP Prefixes.

b Type a name and the IP address of the network.

c Click OK.

vCloud Air Advanced Networking Services Guide

20 VMware, Inc.

Page is loading ...

VMware vCloud vCloud Air User guide

VMware vCloud vCloud Air User guide

Related papers

Other documents