Configuring Networking Connectivity for an SDDC
This topic covers configuring network connectivity for a Software-Defined Data Center (SDDC) by using quick action workflows in the Oracle Cloud Infrastructure Console.
Required IAM Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
About the SDDC Workflows
The SDDC quick action workflows make it easy for you to configure connectivity between your SDDC and various network resources within and outside of the VCN. Each workflow determines whether the required networking resources for connectivity already exist, and attempts to create or update them as needed. These networking resources can include gateways, subnets, route tables, rules, and network security groups. To use a workflow successfully, you must have the proper permissions for using and managing the applicable resources. See Details for the Core Services for information about networking resource permissions. Resource creation also relies on your limits and remaining capacity to create more resources.
Configuring Connectivity to Your On-premises Network
The workflow for configuring connectivity between your SDDC and an on-premises network does the following:
- Determines whether the VCN has an attached dynamic routing gateway (DRG), and if not, helps you create one.
- Adds the route table, rules, or network security groups needed to enable routing between the DRG and the SDDC's NSX Edge Uplink 1 VLAN.
The permissions required to run the workflow successfully depend on the resources the workflow needs to create or update. Before you begin, ensure you have the correct permissions to use and manage these resources.
- In the workflow, you are prompted for the CIDR of the on-premises network. If you do not know this value, check with the on-premises network engineer or administrator before you begin. This CIDR value cannot be the same as the SDDC workload CIDR, and cannot overlap with the VCN's CIDR.
- The workflow adds required route rules and security rules to the VCN resources. If you have reached your limits, you are prompted to check your existing rules and delete some to free up capacity.
- On the Details page of the SDDC, click Configure connectivity to your on-premises network.
- Use the Networking wizard to set up the DRG, if needed. After the DRG setup is complete, you can continue with the workflow.
- Enter the SDDC workload CIDR. This CIDR block provides the IP addresses the VMware VMs use to run workloads. The minimum size is /30.
- Enter the CIDR of the on-premises network.
- Review the details of the planned updates to your networking resources. The workflow creates or updates route tables and rules that impact the NSX Edge Uplink 1 VLAN, vSphere Replication Communication (v7.x only), and the DRG.
If you choose to disallow an update, your SDDC might not have connectivity to your on-premises network. To complete the configuration, you can either return to the workflow later or make the required resource update manually outside of the workflow.
If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator. To see the tagging options, click Show Advanced Options. The tags you specify are applied to all of the new resources created in this workflow.
- When you are satisfied with the configuration settings, click Apply Configuration.
The Console displays the status of each operation in the workflow. If an error occurs, you can retry the operation. When you close the Applying Configuration window, you return to the SDDC Details page, which shows a summary of the resources that were updated and allows you to view each one by clicking the applicable link.
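The CIDR constraints stated above can be checked before starting the workflow. The following pre-flight check is an added example, not part of the Oracle documentation or tooling; the function name `preflight` and all sample CIDRs are constructed, IPv4 is assumed, and "minimum size is /30" is read as "prefix length no longer than 30". The partial-overlap warning goes beyond what the page requires.

```python
import ipaddress


def preflight(workload_cidr, onprem_cidr, vcn_cidrs):
    """Check the CIDR values the workflow prompts for. Returns (errors, warnings)."""
    errors, warnings, nets = [], [], {}
    for label, value in (("workload", workload_cidr), ("on-premises", onprem_cidr)):
        try:
            # strict=True rejects values with host bits set, such as 10.0.0.5/24
            nets[label] = ipaddress.ip_network(value, strict=True)
        except ValueError as exc:
            errors.append(f"{label} CIDR {value!r} is not a valid network: {exc}")
    vcn_nets = [ipaddress.ip_network(c, strict=True) for c in vcn_cidrs]
    workload, onprem = nets.get("workload"), nets.get("on-premises")

    # Page: the minimum size of the SDDC workload CIDR is /30.
    if workload is not None and workload.prefixlen > 30:
        errors.append(f"workload CIDR {workload} is smaller than /30")

    if onprem is not None:
        if workload is not None and workload.version == onprem.version:
            if onprem == workload:
                # Page: the on-premises CIDR cannot be the same as the workload CIDR.
                errors.append(f"on-premises CIDR equals workload CIDR {workload}")
            elif onprem.overlaps(workload):
                # Added caution (not stated on the page): partial overlap makes
                # routing between the two networks ambiguous.
                warnings.append(f"on-premises {onprem} overlaps workload {workload}")
        for vcn in vcn_nets:
            # Page: the on-premises CIDR cannot overlap with the VCN's CIDR.
            if vcn.version == onprem.version and onprem.overlaps(vcn):
                errors.append(f"on-premises {onprem} overlaps VCN CIDR {vcn}")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenancy.
    cases = [
        ("192.168.10.0/24", "10.50.0.0/16", ["10.0.0.0/16"]),  # clean
        ("192.168.10.0/31", "10.0.4.0/24", ["10.0.0.0/16"]),   # too small + VCN overlap
        ("172.16.0.0/24", "172.16.0.0/16", ["10.0.0.0/16"]),   # partial overlap warning
    ]
    for case in cases:
        errs, warns = preflight(*case)
        print(case, "->", "OK" if not errs else errs, warns)
```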
Configuring Connectivity to the Oracle Services Network
The workflow for configuring connectivity between your SDDC and the Oracle Services Network does the following:
- Determines whether the VCN has a service gateway, and if not, helps you create one.
- Adds the route table, rules, or network security groups needed to enable routing between the SDDC's NSX Edge Uplink 1 VLAN and the service gateway.
The permissions required to run the workflow successfully depend on the resources the workflow needs to create or update. Before you begin, ensure you have the correct permissions to use and manage these resources.
The workflow adds required route rules and security rules to the VCN resources. If you have reached your limits, you are prompted to check your existing rules and delete some to free up capacity.
- On the Details page of the SDDC, click Configure connectivity to Oracle Services Network.
- Enter the SDDC workload CIDR. This CIDR block provides the IP addresses the VMware VMs use to run workloads. The minimum size is /30.
- Click Next.
- Review the details of the planned updates to your networking resources. The workflow creates or updates route tables and rules that impact the NSX Edge Uplink 1 VLAN and the service gateway.
If you choose to disallow an update, your SDDC might not have connectivity to Oracle Services Network. To complete the configuration, you can either return to the workflow later or make the required resource update manually outside of the workflow.
If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator. To see the tagging options, click Show Advanced Options. The tags you specify are applied to all of the new resources created in this workflow.
- When you are satisfied with the configuration settings, click Apply Configuration.
The Console displays the status of each operation in the workflow. If an error occurs, you can retry the operation. When you close the Applying Configuration window, you return to the SDDC Details page, which shows a summary of the resources that were updated and allows you to view each one by clicking the applicable link.
Configuring Connectivity to the Internet Through a NAT Gateway
The workflow for configuring connectivity between your SDDC and the internet through a NAT gateway does the following:
- Determines whether the VCN has a NAT gateway, and if not, helps you create one.
- Adds a default route rule to the route table of the SDDC's NSX Edge Uplink 1 VLAN to send traffic to the internet through the NAT gateway.
The permissions required to run the workflow successfully depend on the resources the workflow needs to create or update. Before you begin, ensure you have the correct permissions to use and manage these resources.
The workflow adds a required route rule to the VLAN's route table. If you have reached your route rule limits, you are prompted to check your existing rules and delete one to free up capacity.
- On the Details page of the SDDC, click Configure connectivity to the internet through NAT gateway.
- Review the details of the planned updates to your networking resources.
If you choose to disallow an update, your SDDC might not have internet connectivity through the NAT gateway. To complete the configuration, you can either return to the workflow later or make the required resource update manually outside of the workflow.
If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator. To see the tagging options, click Show Advanced Options. The tags you specify are applied to all of the new resources created in this workflow.
- When you are satisfied with the configuration settings, click Apply Configuration.
The Console displays the status of each operation in the workflow. If an error occurs, you can retry the operation. When you close the Applying Configuration window, you return to the SDDC Details page, which shows a summary of the resources that were updated and allows you to view each one by clicking the applicable link.
Configuring Connectivity to Other Resources in the VCN
The workflow for configuring connectivity between your SDDC and other resources in the VCN does the following:
- Allows you to select subnets in the VCN that contain resources you want your SDDC to connect to. If the VCN has no subnets, you can use the Networking Wizard from the workflow to create them.
- Adds the route table, rules, or network security groups needed to enable routing between the SDDC's NSX Edge Uplink 1 VLAN and the resources in the selected subnets.
The permissions required to run the workflow successfully depend on the resources the workflow needs to create or update. Before you begin, ensure you have the correct permissions to use and manage these resources.
The workflow adds required route rules and security rules to the VCN resources. If you have reached your limits, you are prompted to check your existing rules and delete some to free up capacity.
- On the Details page of the SDDC, click Configure connectivity to VCN resources.
- Enter the SDDC workload CIDR. This CIDR block provides the IP addresses the VMware VMs use to run workloads. The minimum size is /30.
- Click Select Subnets.
- Select the check boxes of the subnets that contain resources your SDDC needs to connect to. You can filter and sort the list to help you find the subnets you're interested in.
- Click Save Selection.
- Click Next.
- Review the details of the planned updates to your networking resources. The workflow creates or updates route tables and rules that impact the NSX Edge Uplink 1 VLAN and the selected subnets.
If you choose to disallow an update, your SDDC might not have connectivity to the resources in a subnet. To complete the configuration, you can either return to the workflow later or make the required resource update manually outside of the workflow.
If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator. To see the tagging options, click Show Advanced Options. The tags you specify are applied to all of the new resources created in this workflow.
- When you are satisfied with the configuration settings, click Apply Configuration.
The Console displays the status of each operation in the workflow. If an error occurs, you can retry the operation. When you close the Applying Configuration window, you return to the SDDC Details page, which shows a summary of the resources that were updated and allows you to view each one by clicking the applicable link.