vCenter Network Service

vCenter network service currently supports the VPC network architecture model.

A VPC network provides network services such as SNAT, DHCP, elastic IP (EIP), port forwarding, load balancing, and IPsec tunnel.
  • SNAT: A VPC vRouter provides the source network address translation (SNAT) service to vCenter VM instances. vCenter VM instances can directly access the Internet by using SNAT.
  • DHCP: Centralized DHCP services realize a dynamic IP address obtainment.
  • EIP: Allows a VPC vRouter to access the private network of a vCenter VM instance through a public network.
  • Port forwarding: Forwards the port traffics of a specified public IP address to the port of a corresponding vCenter VM IP address.
  • Load balancing: Distributes inbound traffics from a public IP address to a group of backend vCenter VM instances, and then automatically detects and isolates unavailable vCenter VM instances.
  • IPsec tunnel: Uses an IPsec tunnel protocol to provide site-to-site VPN connections.

ZStack Cloud supports multi-account management in a managed vCenter. Normal accounts and project members can use vCenter network services, including EIP, port forwarding, and load balancing.


VIP (ESX)

A VPC network uses ESX virtual IP addresses (VIPs) to provide network services, including elastic IP (EIP), port forwarding, load balancing, and IPsec tunnel. This topic falls into the following parts:

VIP Types

Similar to KVM VIPs, an ESX VIP has two types: custom ESX VIP and system ESX VIP.
  1. Custom ESX VIP.
    • Creation: A custom ESX VIP is manually created by users.
    • Network Service:
      • The custom VIP in a VPC network environment can be used for network services, such as EIP, port forwarding, load balancing, and IPsec tunnel.
      • One custom VIP is used for only one EIP service instance.
      • One custom VIP can be used for port forwarding, load balancing, and IPsec tunnel at the same time, and supports multiple instances of the same service type.
        Note: Different types of services cannot use the same port number.
      • The custom VIP cannot be used across VPC vRouters.
    • Deletion:
      • Deleting a custom VIP also deletes all services the VIP provides.
      • Deleting a service of a custom VIP does not affect other services the VIP provides.
  2. System ESX VIP.
    • Creation:

      A system ESX VIP is automatically created by the system after a VPC vRouter is successfully created. This system VIP address is the default public IP address of the routing device.

    • Network service:
      • The system VIP in a VPC vRouter environment is used for network services, such as port forwarding, load balancing, and IPsec tunnel.
      • One system VIP can be used for port forwarding, load balancing, and IPsec tunnel at the same time, and supports multiple instances of the same service type.
        Note: Different types of services cannot use the same port number.
      • One system VIP corresponds to one VPC vRouter.
    • Deletion:
      • Deleting a service of a system VIP does not affect other services the VIP provides.
      • Deleting a VPC vRouter also deletes the corresponding system VIP and all services the VIP provides.

Create a Custom ESX VIP

The steps of creating a custom ESX VIP are basically the same as that of creating a custom KVM VIP.

On the main menu of ZStack Cloud, choose Resource Center > Network Service > Basic Network Service > VIP. On the Custom page, click Create VIP. Then, the Create VIP page is displayed. On the displayed page, set the parameters. For detailed information, you can refer to User Guide.

Note: For Network, select the public network that you created in the vCenter.
Figure 1. Create Custom ESX VIP


How to Use an ESX VIP

The method of using an ESX VIP is basically the same as that of using a KVM VIP.

  • Custom ESX VIP:

    A custom ESX VIP in a VPC network environment can be used for network services, such as EIP, port forwarding, load balancing, and IPsec tunnel. To use custom ESX VIP, you can Create a New VIP or Use an Existing VIP. For detailed information, you can refer to User Guide.

  • System ESX VIP:

    A system ESX VIP in a VPC network environment can be used for network services, such as EIP, port forwarding, load balancing, and IPsec tunnel. The method of using a system ESX VIP is as follows:

    On the main menu of ZStack Cloud Private Cloud, choose Resource Center > Network Service > Port Forwarding/Load Balancing/IPsec Tunnel. On the Port Forwarding, Load Balancing, or IPsec Tunnel page, you can choose to use an existing VIP.

ESX VIP Actions

On the main menu of ZStack Cloud, choose Resource Center > Network Service > Basic Network Service > VIP. Then, the VIP page is displayed.

The following table lists the actions that you can perform on a custom VIP.
Action Description
Create VIP Create a new VIP.
Edit VIP Edit the name and description of the VIP.
Delete VIP Delete the selected VIP.
Note:
  • Deleting a custom VIP also deletes all services the VIP provides.
  • Deleting a service of a custom VIP does not affect other services the VIP provides.

EIP

A VPC network uses custom ESX Virtual IP addresses (VIPs) to provide elastic IP address (EIP) services. With an EIP, a VPC vRouter can access the private network of a vCenter VM instance through a public network.

This topic falls into the following parts:

Create an EIP

The steps of creating an EIP in a vCenter environment are basically the same as that in a KVM environment.

On the main menu of ZStack Cloud, choose Resource Center > Network Service > Basic Network Service > EIP. On the EIP page, click Create EIP. Then, the Create EIP page is displayed. On the displayed page, set the parameters. For detailed information, you can refer to User Guide.
Note:
  • If you choose to create a new VIP to provide EIP service, select public network that you created in the vCenter for Network.
  • If you choose to use an existing VIP to provide EIP service, select an existing custom ESX VIP for VIP.

EIP Actions

On the main menu of ZStack Cloud, choose Resource Center > Network Service > Basic Network Service > EIP. Then, the EIP page is displayed.

The following table lists the actions that you can perform on an EIP.
Action Description
Create EIP Create a new EIP.
Edit EIP Edit the name and description of the EIP.
Attach NIC Attach an EIP to a VM NIC.
Note:
  • You can attach a public network EIP to a NIC on a flat or VPC network.
  • You can attach a flat network EIP to a NIC another flat network.
  • You can attach an IPv4 EIP to a NIC using a IPv4 address or an IPv6 EIP to a NIC using an IPv6 address.
  • If the EIP is associated with a shared bandwidth, it can be attached to a NIC using the same VPC vRouter with the shared bandwidth only.
  • If the NIC is in Disabled state, you need to enable the NIC to make the attachment take effect.
Detach NIC Detach the VM NIC from the EIP.
Change Owner Change the owner of the EIP.
Note: If you change the owner of the EIP, the VIP that the EIP uses is synchronously changed to the same owner.
Delete EIP Delete the selected EIP.
Note: Deleting an EIP also deletes the corresponding EIP service. To delete the corresponding VIP at the same time, select the Delete VIP checkbox.

Port Forwarding

A VPC network uses custom ESX virtual IP addresses (VIPs) or system ESX VIPs to provide port forwarding service, and has the following features:
  • With the port forwarding service, a VPC vRouter can forward the port traffics of a specified public IP address to the port of a corresponding vCenter VM IP address.
  • If your public IP addresses are insufficient, you can configure port forwarding for multiple vCenter VM instances by using one IP address and port.

Create a Port Forwarding Rule

The steps of creating a port forwarding rule in a vCenter environment are basically the same as that in a KVM environment.

On the main menu of ZStack Cloud, choose Resource Center > Network Service > Basic Network Service > Port Forwarding. On the Port Forwarding page, click Create Port Forwarding. Then, the Create Port Forwarding page is displayed. On the displayed page, set the parameters.
Note:
  • If you choose to create a new VIP to provide port forwarding service, select the public network that you created in the vCenter for Network.
  • If you choose to use an existing VIP to provide port forwarding service, select an existing custom ESX VIP or system ESX VIP for VIP.

Associate a Port Forwarding Rule with a VM NIC

On the displayed Associate VM NIC page, choose the target VM Instance. On the VM NIC page, select the target vCenter VM NIC, and click OK.

Figure 1. Associate VM NIC


Port Forwarding Actions

On the main menu of ZStack Cloud, choose Resource Center > Network Service > Basic Network Service > Port Forwarding. Then, the Port Forwarding page is displayed.

The following table lists the actions that you can perform on a Port Forwarding:
Action Description
Create Port Forwarding Rule Create a new port forwarding rule.
Edit Port Forwarding Rule Edit the name and description of the port forwarding rule.
Associate VM NIC Associate a port forwarding rule with a VM NIC.
Disassociate VM NIC Disassociate a port forwarding rule from a VM NIC.
Delete Port Forwarding Rule Deleting a port forwarding rule also deletes the corresponding port forwarding service. Note that the associated VIP and other services the VIP provides are not affected.

Notes

  • To use port forwarding, make sure that the firewall policy in the VM instances can be accessed by the specified ports.
  • When you use a VIP to provide the port forwarding service, make sure that the ports used by the VIP are not duplicated.
  • A VIP can provide the port forwarding service to different ports of multiple VM NICs on the same L3 network.
  • A VM instance can only use one VIP to provide the port forwarding service.
  • When you disassociate a VIP from a VM instance and associate a VM instance again, you can only select the VM NIC on the same L3 network of the VM instance that you disassociated before.
  • If you select port range for port forwarding, make sure that the source port range and the VM port range are the same. For example, if you set the range of the source port to 22-80, the port range of the VM instance is also 22-80.


Archives

Download Document Archives

Back to Top

Download

Already filled the basic info?Click here.

Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

An email with a verification code will be sent to you. Make sure the address you provided is valid and correct.

同意 不同意

I have read and concur with the Site TermsPrivacy PolicyRules and Conventions on User Management of ZStack Cloud

Download

Not filled the basic info yet? Click here.

Invalid email address or mobile number.
同意 不同意

I have read and concur with the Site TermsPrivacy PolicyRules and Conventions on User Management of ZStack Cloud

Email Us

contact@zstack.io
ZStack Training and Certification
Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

同意 不同意

I have read and concur with the Site TermsPrivacy PolicyRules and Conventions on User Management of ZStack Cloud

Email Us

contact@zstack.io
Request Trial
Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

同意 不同意

I have read and concur with the Site TermsPrivacy PolicyRules and Conventions on User Management of ZStack Cloud

Email Us

contact@zstack.io

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder. After receiving the email, click the URL to download the documentation.

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder.
Or click on the URL below. (For Internet Explorer, right-click the URL and save it.)

Thank you for using ZStack products and services.

Submit successfully.

We'll connect soon.

Thank you for using ZStack products and services.