Cloud Lab-54: vCloud Director Organizations- “Static Routing between two vApps in different Organization Routed Network” (Part 1)

In this post, I am going to configure static routing between two vApps in different Organization Routed Networks. Due to the length of this post, I divided it into two parts. Let's see what we will cover in “Part 1”.

LAB-54 TASKS (Part 1)

In this lab, we will perform the following tasks:

  1. Architecture diagram of Static Routing Between two vApps in different Organization Routed Network
  2. Information required for Static Routing Configuration
  3. Firewall Settings before Static Routing
    • Turn off Firewall on “vApp9”
    • Turn off Firewall on “vApp8”
    • Turn off Firewall on “SkyNet Organization Routed Network”
    • Turn off Firewall on “HITech Organization Routed Network”
  4. Test the Firewall before Static Routing.

1-Architecture diagram of Static Routing Between two vApps in different Organization Routed Network

[Figure: architecture diagram of static routing between two vApps in different Organization Routed Networks]

For the sake of demonstration, I will allow communication between two vApps which are in different organizations. The first vApp is named “vApp9”, which is in the “HITech Organization”, and the other one is “vApp8”, which is in the “SkyNet Organization”. These are already deployed in both organizations, as you can see in my static routing architecture diagram.

2-Information required for Static Routing Configuration.

The following is the information you should know before proceeding with static routing.

  1. vApp9 VM IP
  2. vApp9 Network IP Range
  3. vApp9 Firewall External IP
  4. HITech Organization Routed Network IP Range
  5. HITech Organization Routed Network Firewall External IP
  6. vApp8 VM IP
  7. vApp8 Network IP Range
  8. vApp8 Firewall External IP
  9. SkyNet Organization Routed Network IP Range
  10. SkyNet Organization Routed Network Firewall External IP

Let's see how to get this information step by step.

1-To find “vApp9 VM IP”

Navigate to Organization “HITech” -> MyCloud-> vApp->vApp9-vAppRoutedOrgRouted->Virtual Machine tab.

Note the IP address of “vApp9-VM1”, which is “192.168.21.100”.

2-To find the “vApp9 Network IP range”

Navigate to Organization “HITech” -> MyCloud-> vApp->vApp9-vAppRoutedOrgRouted->networking tab.


Right Click on the “vApp9-Network-Routed” VSE (vShield-Edge-Firewall) -> Choose “Properties”.

In the “Network Specification” tab -> Note the IP range, which is “192.168.21.0/24”.

3-To find the “vApp9 External IP”

Right Click on the “vApp9-Network-Routed” VSE (vShield-Edge-Firewall) -> Choose “Configure Services”.

In the “Static Routing” tab -> Note the “Router External IP”, which is “192.168.63.2”.

4-To find the “HITech Organization Routed Network IP Range”

Navigate to Organization “HITech” -> Administration-> Virtual Data Center->HITech-Prod-OrgVDC->Org vDC Networks Tab-> HITech-Prod-OrgRouted

Note the “HITech-Prod-OrgRouted” IP range, which is “192.168.63.0/24”.

5-To find the “HITech Organization Routed Firewall External IP”

Navigate to Organization “HITech” -> Administration-> Virtual Data Center->HITech-Prod-OrgVDC->Edge Gateway Tab-> HITech-Prod-Edge

Right Click on the “HITech-Prod-Edge” -> Choose “External IP Allocations”

Note the “HITech-Prod-Edge” External IP, which is “10.0.150.203”.

6-To find “vApp8 VM IP”

Navigate to Organization “SkyNet” -> MyCloud-> vApp->vApp8-vAppRoutedOrgRouted->Virtual Machine tab.

Note the IP address of “vApp8-VM1”, which is “192.168.16.100”.

7-To find the “vApp8 Network IP range”

Navigate to Organization “SkyNet” -> MyCloud-> vApp->vApp8-vAppRoutedOrgRouted->networking tab.


Right Click on the “vApp8-Network-Routed” VSE (vShield-Edge-Firewall) -> Choose “Properties”.

In the “Network Specification” tab -> Note the IP range, which is “192.168.16.0/24”.

8-To find the “vApp8 External IP”

Right Click on the “vApp8-Network-Routed” VSE (vShield-Edge-Firewall) -> Choose “Configure Services”.

In the “Static Routing” tab -> Note the “Router External IP”, which is “192.168.42.4”.

9-To find the “SkyNet Organization Routed Network IP Range”

Navigate to Organization “SkyNet” -> Administration-> Virtual Data Center->SkyNet-Dev-OrgVDC->Org vDC Networks Tab-> SkyNet-Dev-Org-Routed

Note the “SkyNet-Dev-Org-Routed” IP range, which is “192.168.42.0/24”.

10-To find the “SkyNet Organization Routed Firewall External IP”

Navigate to Organization “SkyNet” -> Administration-> Virtual Data Center->SkyNet-Dev-OrgVDC->Edge Gateway Tab-> SkyNet-Dev-Edge

Right Click on the “SkyNet-Dev-Edge” -> Choose “External IP Allocations”


Note the “SkyNet-Dev-Edge” External IP, which is “10.0.150.202”.

Now we have everything which we will need in our routing setup. Let’s summarize it.

| Sr. | Description | IP Address |
|---|---|---|
| 1 | vApp9 VM IP | 192.168.21.100 |
| 2 | vApp9 Network IP Range | 192.168.21.0/24 |
| 3 | vApp9 Network Firewall External IP | 192.168.63.2 |
| 4 | HITech Org Routed Network IP Range | 192.168.63.0/24 |
| 5 | HITech Org Routed Network Firewall External IP | 10.0.150.203 |
| 6 | vApp8 VM IP | 192.168.16.100 |
| 7 | vApp8 Network IP Range | 192.168.16.0/24 |
| 8 | vApp8 Network Firewall External IP | 192.168.42.4 |
| 9 | SkyNet Org Routed Network IP Range | 192.168.42.0/24 |
| 10 | SkyNet Org Routed Network Firewall External IP | 10.0.150.202 |
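
The addressing plan summarized above can be sanity-checked before any route is added. The following is an added example, not part of the original lab: the dictionary keys and the functions `check_plan` and `locate` are names chosen here, and the addresses are copied from the summary. The Org edge external IPs are left out because the page gives no prefix for the external network.

```python
import ipaddress as ipa

# Addresses copied from the summary above; the keys are names chosen for this example.
PLAN = {
    "HITech": {"vm": "192.168.21.100", "vapp_net": "192.168.21.0/24",
               "vapp_edge_ext": "192.168.63.2", "org_net": "192.168.63.0/24"},
    "SkyNet": {"vm": "192.168.16.100", "vapp_net": "192.168.16.0/24",
               "vapp_edge_ext": "192.168.42.4", "org_net": "192.168.42.0/24"},
}

def check_plan(plan):
    """Return a list of problems that would make static routes ambiguous or unreachable."""
    problems, nets = [], []
    for org, p in plan.items():
        vapp_net = ipa.ip_network(p["vapp_net"])
        org_net = ipa.ip_network(p["org_net"])
        if ipa.ip_address(p["vm"]) not in vapp_net:
            problems.append(f"{org}: VM {p['vm']} is outside vApp network {vapp_net}")
        # The vApp edge's external interface must be an address on the
        # Org routed network, otherwise the Org edge cannot reach it.
        if ipa.ip_address(p["vapp_edge_ext"]) not in org_net:
            problems.append(f"{org}: vApp edge {p['vapp_edge_ext']} is outside {org_net}")
        nets += [(f"{org} vApp network", vapp_net), (f"{org} Org network", org_net)]
    # Overlapping ranges cannot be told apart by a static route.
    for i, (name_a, a) in enumerate(nets):
        for name_b, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{name_a} {a} overlaps {name_b} {b}")
    return problems

def locate(plan, ip):
    """Name the documented network that contains ip, or None if no range covers it."""
    addr = ipa.ip_address(ip)
    for org, p in plan.items():
        for key in ("vapp_net", "org_net"):
            if addr in ipa.ip_network(p[key]):
                return f"{org} {key}"
    return None

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
    print(locate(PLAN, "192.168.21.100"))
```
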

3-Firewall Settings before Static Routing

As you can see in the architecture diagram, we have an Organization Routed Network which is behind a VSE firewall.

The “vApp Firewall” is on by default and set to deny. It has a default rule which allows all outbound traffic from the vApp.

The “Organization Routed Network firewall” is also enabled by default and set to deny. In the Organization Routed Network firewall there is no rule defined by default, so any traffic going in or out through the firewall is denied by default.

In a lab, it is easier, and my recommendation, to turn off the firewall while testing, so that traffic has no problem passing through. Initially, I will set the default firewall action from “deny” to “allow” for testing. Then, in a later post, I will show you how to allow only the explicit traffic which we want to pass through our vApp and Organization Routed Network firewalls.

Enough talking. Let me walk through how to turn off the firewalls on my vApps and Organization Routed Networks.

1-Turn off Firewall on “vApp9”

Navigate to Organization “HITech” -> MyCloud-> vApp->vApp9-vAppRoutedOrgRouted->networking tab.

“Uncheck” the Firewall check box as highlighted, and make sure to click the “Apply” button to commit the change.

2-Turn off Firewall on “vApp8”

Navigate to Organization “SkyNet” -> MyCloud-> vApp->vApp8-vAppRoutedOrgRouted->networking tab.

“Uncheck” the Firewall check box as highlighted, and make sure to click the “Apply” button to commit the change.

3-Turn off Firewall on “SkyNet Organization Routed Network”

Navigate to Organization “SkyNet”-> Administration-> Virtual Datacenters -> SkyNet-Dev-OrgVDC-> Org VDC Networks.

Right Click on Network “SkyNet-Dev-OrgRouted” ->Choose “Configure Services”.


Go to “Firewall” tab and “uncheck” the “Enable firewall” check box-> Click “OK”


4-Turn off Firewall on “HITech Organization Routed Network”

Navigate to Organization “HITech”-> Administration-> Virtual Datacenters -> HITech-Prod-OrgVDC-> Org VDC Networks.

Right Click on Network “HITech-Prod-OrgRouted” ->Choose “Configure Services”.


Go to “Firewall” tab and uncheck the “Enable firewall” check box-> Click “OK”

NOTE: You should disable the vApp OS firewall as well.

4-Test the Firewall before Static Routing

Go to “vApp8-VM1”, open the console and provide the login credentials. Once logged in, because it is a Linux machine, use “ipconfig” to check its IP address, which is “192.168.16.100”.

If you ping the “vApp2-Web1” VM IP “192.168.15.100”, you will get a destination unreachable error at the moment.

Now trace the network path to the “vApp2-web1” VM. Run tracert 192.168.15.100 at the command prompt.

As you have noticed, we only reach IP “192.168.42.1”, the Organization Edge Gateway (SkyNet-Dev-Edge), and get a destination unreachable message from its next hop, the “vApp2-VSE” external IP “192.168.42.2”.

That is it for today’s post. In the next post, I will show you how to add static routes in the vApps and test the communication between them.
