Cloud Lab-52: vCloud Director Organizations- “Static Routing between two vApps in Same Organization Routed Network” (Part 1)

In this post, I am going to configure static routing between two vApps in the same organization Routed Network. Due to the length of this post, I divided it into two parts. Let's see what we will cover in “Part 1”.

LAB-52 TASKS (Part 1)

In this lab, we will perform the following tasks:

  1. Architecture diagram of Static Routing Between two vApps in Same Organization Routed Network
  2. Information required for Static Routing Configuration
  3. Firewall Settings before Static Routing
    • Turn off Firewall on “vApp2”
    • Turn off Firewall on “vApp8”
    • Turn off Firewall on “Organization Routed Network”
  4. Test the Firewall before Static Routing.

1-Architecture diagram of Static Routing Between two vApps in Same Organization Routed Network

[Image: architecture diagram of static routing between two vApps in the same Organization Routed Network]

For the sake of demonstration, I will allow communication between two vApps named “vApp2” and “vApp8”, which I have already deployed in my Organization “SkyNet”, as you can see in my static routing architecture diagram.

2-Information required for Static Routing Configuration.

The following is the information you should know before proceeding with static routing.

  1. vApp2 VM IP
  2. vApp2 Network IP Range
  3. vApp2 Firewall External IP
  4. vApp8 VM IP
  5. vApp8 Network IP Range
  6. vApp8 Firewall External IP

Let's see how to get this information step by step.

1-To find “vApp2 VM IP”

Navigate to Organization “SkyNet” -> MyCloud -> vApp -> vApp2-vAppRoutedOrgRouted -> Virtual Machine tab.

Note the IP address of “vApp2-Web1”, which is “192.168.15.100”.

2-To find the “vApp2 Network IP range”

Navigate to Organization “SkyNet” -> MyCloud -> vApp -> vApp2-vAppRoutedOrgRouted -> Networking tab.

Right-click on the “vApp2-Network-Routed” VSE (vShield-Edge-Firewall) -> choose “Properties”.

In the “Network Specification” tab, note the IP range, which is “192.168.15.0/24”.

3-To find the “vApp2 External IP”

Right-click on the “vApp2-Network-Routed” VSE (vShield-Edge-Firewall) -> choose “Configure Services”.

In the “Static Routing” tab, note the “Router External IP”, which is “192.168.42.2”.

4-To find “vApp8 VM IP”

Navigate to Organization “SkyNet” -> MyCloud -> vApp -> vApp8-vAppRoutedOrgRouted -> Virtual Machine tab.

Note the IP address of “vApp8-VM1”, which is “192.168.16.100”.

5-To find the “vApp8 Network IP range”

Navigate to Organization “SkyNet” -> MyCloud -> vApp -> vApp8-vAppRoutedOrgRouted -> Networking tab.

Right-click on the “vApp8-Network-Routed” VSE (vShield-Edge-Firewall) -> choose “Properties”.

In the “Network Specification” tab, note the IP range, which is “192.168.16.0/24”.

6-To find the “vApp8 External IP”

Right-click on the “vApp8-Network-Routed” VSE (vShield-Edge-Firewall) -> choose “Configure Services”.

In the “Static Routing” tab, note the “Router External IP”, which is “192.168.42.4”.

Now we have everything which we will need in our routing setup. Let’s summarize it.

| Sr. | Description                        | IP Address      |
|-----|------------------------------------|-----------------|
| 1   | vApp2 VM IP                        | 192.168.15.100  |
| 2   | vApp2 Network IP Range             | 192.168.15.0/24 |
| 3   | vApp2 Network Firewall External IP | 192.168.42.2    |
| 4   | vApp8 VM IP                        | 192.168.16.100  |
| 5   | vApp8 Network IP Range             | 192.168.16.0/24 |
| 6   | vApp8 Network Firewall External IP | 192.168.42.4    |
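
As an added example (not from the original post), the following Python script checks the six values in the summary table for consistency and derives the route entry each vApp edge would need to reach its peer. The `/24` prefix for the organization routed network, the function names, and the rule "peer network via peer external IP" are assumptions made for illustration; the post itself configures routes only in Part 2.

```python
import ipaddress

# Values copied from the summary table above.
VAPPS = {
    "vApp2": {"vm": "192.168.15.100", "net": "192.168.15.0/24", "ext": "192.168.42.2"},
    "vApp8": {"vm": "192.168.16.100", "net": "192.168.16.0/24", "ext": "192.168.42.4"},
}
# Assumption: the post gives no prefix length for the organization routed
# network that holds 192.168.42.1/.2/.4; /24 is used here for illustration.
ORG_NET = "192.168.42.0/24"

def check_inventory(vapps, org_net):
    """Return a list of problems that would break routing between the vApps."""
    problems, parsed = [], {}
    transit = ipaddress.ip_network(org_net)
    for name, v in vapps.items():
        net = ipaddress.ip_network(v["net"])  # raises ValueError if host bits are set
        vm, ext = ipaddress.ip_address(v["vm"]), ipaddress.ip_address(v["ext"])
        parsed[name] = (net, ext)
        if vm not in net:
            problems.append(f"{name}: VM {vm} is outside {net}")
        if ext not in transit:
            problems.append(f"{name}: external IP {ext} is not on {transit}")
        if net.overlaps(transit):
            problems.append(f"{name}: {net} overlaps transit {transit}")
    names = list(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a][0].overlaps(parsed[b][0]):
                problems.append(f"{a} and {b} use overlapping ranges")
            if parsed[a][1] == parsed[b][1]:
                problems.append(f"{a} and {b} share external IP {parsed[a][1]}")
    return problems

def derive_routes(vapps):
    """Per vApp edge: (destination network, next hop) for every other vApp."""
    return {
        name: [(p["net"], p["ext"]) for n, p in vapps.items() if n != name]
        for name in vapps
    }

if __name__ == "__main__":
    for p in check_inventory(VAPPS, ORG_NET) or ["inventory is consistent"]:
        print(p)
    for edge, entries in derive_routes(VAPPS).items():
        for dest, hop in entries:
            print(f"{edge} edge: {dest} via {hop}")
```
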

3-Firewall Settings before Static Routing

As you can see in the architecture diagram, we have an organization routed network, which is behind a VSE firewall.

The “vApp Firewall” is on by default and set to deny. It has a default rule that allows all outbound traffic from the vApp.

The “Organization Routed Network firewall” is also enabled by default and set to deny. No rule is defined by default in the organization routed network firewall, so any traffic going in or out through the firewall is denied by default.

It is a bit easier, and my recommendation in a lab, to turn off the firewall while testing, so that traffic has no problem passing through. Initially, I will change the default firewall action from “deny” to “allow” for testing. In a later post, I will show you how to allow only the explicit traffic that we want to pass through our vApp and Organization routed network firewalls.

Enough talking; let me walk through how to turn off the firewalls on my vApps and the Organization routed network.

1-Turn off Firewall on “vApp2”

Navigate to Organization “SkyNet” -> MyCloud -> vApp -> vApp2-vAppRoutedOrgRouted -> Networking tab.

Uncheck the “Firewall” check box as highlighted, and make sure to click the “Apply” button to commit the change.

2-Turn off Firewall on “vApp8”

Navigate to Organization “SkyNet” -> MyCloud -> vApp -> vApp8-vAppRoutedOrgRouted -> Networking tab.

Uncheck the “Firewall” check box as highlighted, and make sure to click the “Apply” button to commit the change.

3-Turn off Firewall on “Organization Routed Network”

Navigate to Organization “SkyNet” -> Administration -> Virtual Datacenters -> SkyNet-Dev-OrgVDC -> Org VDC Networks.

Right-click on the network “SkyNet-Dev-OrgRouted” -> choose “Configure Services”.

Go to the “Firewall” tab and uncheck the “Enable firewall” check box -> click “OK”.

NOTE: You should disable the vApp OS firewall as well.

4-Test the Firewall before Static Routing

Go to “vApp8-VM1”, open the console, and provide the login credentials. Once logged in, because it is a Linux machine, use “ipconfig” to check its IP address, which is “192.168.16.100”.

If you ping the “vApp2-Web1” VM IP “192.168.15.100”, you will get a destination unreachable error at the moment.

Now trace the network path to the “vApp2-Web1” VM. Run tracert 192.168.15.100 at the command prompt.

As you can see, we only reach IP “192.168.42.1”, the Organization Edge Gateway (SkyNet-Dev-Edge), and get a destination unreachable message from its next hop, the “vApp2-VSE” external IP “192.168.42.2”.

That is it for today’s post. In the next post, I will show you how to add static routes in the vApps and test the communication between them.
