Knowledge Base  /  CenturyLink Private Cloud on VMware Cloud Foundation  /  Network
Knowledge Base  /  CenturyLink Private Cloud on VMware Cloud Foundation  /  Network

Create Internet Accessible Network

Updated by Anthony Hakim on Sep 18, 2019
Article Code: kb/1252

Description

In this KB article, we walk through how to create a new software-defined network in CenturyLink Private Cloud on VMware Cloud Foundation (CPC on vCF). In this particular use case, we would like to allow this network to have Outbound Internet., and will do the following:

  1. Create the Network
  2. Create a Firewall Rule to allow Outbound Internet Access for the Network
  3. Create a Source NAT Rule to allow Outbound Internet Access for the Network

Steps

Create the Network

Log in to your CPC on vCF environment.

Click Datacenters from the menu dropdown. Select your Datacenter. Select Networks in the left side-panel. On the Networks page, click NEW

Network

In the New Organization VDC Network page:

  1. Network Type: Select Routed and click NEXT

    Network

  2. General:

  • Name: Enter your network name

  • Gateway CIDR: (i.e. 10.20.30.1/24)

  • Description: Optional

  • Shared: Default setting

  • Click NEXT

    Network

  1. Edge Connection:
  • Select your Edge

  • Interface Type: Select Distributed

  • Guest VLAN Allowed: Keep default selection

  • Click NEXT

    Network

  1. Static IP Pools:
  • Enter an IP range (i.e. 10.20.30.50-10.20.30.200)

  • Click ADD

  • Click NEXT

    Network

  1. DNS
  • Primary DNS: (i.e. 8.8.8.8)

  • Secondary DNS: (i.e. 8.8.4.4)

  • DNS suffix: As needed

  • Click NEXT

    Network

  1. Ready to Complete
  • Review your selections and click FINISH

    Network

Create the Firewall Rule to allow Outbound Internet Access for the Network
  • In vCloud Director, under Networking, click Edges, select your Edge (siteID-edge-0) and click CONFIGURE SERVICES

    Network

  • In the Edge Gateway - siteID-edge-0 page, ensure Firewall is selected, then click + to add a New Rule

    Network

  • Enter the following for the New Rule:

    • Name: Outbound 10.20.30.0 network

    • Type: User (by default)

    • Source: Click IP, enter 10.20.30.0/24 and click KEEP

      Network

    • Destination: Any (by default) - varies by requirements

    • Service: Any (by default) - varies by requirements

    • Action: Accept

    • Enable logging: Unchecked (by default) - varies by requirements

    • Click Save changes

      Network

Create a Source NAT Rule to allow Outbound Internet Access for the Network
  • In the Edge Gateway - siteID-edge-0 page, click NAT, then click + SNAT RULE (under NAT 44 Rules)

    Note: You will need to make a note of the Public IP that is listed under Translated in order to create this SNAT rule.

    Network

  • Enter the following for the New Rule:

    • Applied On: Public-1

    • Original Source IP/Range: 10.20.30.0/24

    • Translated Source IP/Range: This is the Public IP you recorded from the note above

    • Click KEEP

      Network