Configure the Primary Site - OCI Dedicated Region A
This section covers the foundational networking and infrastructure setup for the Primary site, which will host the initial management cluster for the stretched vSAN deployment.
Create VCNs and Networking Foundation
Create the following two VCNs: VCN-Primary and
VCN-Mgmt-Active.
Start by creating a VCN named VCN-Primary in the OCI Dedicated Region (Primary) region using: Primary CIDR: 10.16.0.0/16. Once
created, add a secondary CIDR block: Secondary CIDR: 172.45.0.0/16.
This secondary CIDR is required during the initial SDDC deployment.
Next, create the VCN named VCN-Mgmt-Active. This VCN will ultimately
host management components for the Active (Primary) site:
- VCN Name:
VCN-Mgmt-Active - CIDR Block:
172.45.0.0/16
This CIDR matches the secondary block added to VCN-Primary and will
enable the seamless routing of VLANs spread across VCNs.
Set Up Networking Dependencies
Create the route tables and NAT Gateway, define the network security groups (NSGs) and security list.
- Create a dedicated Route Table per VLAN and for subnet. No rules needed initially. All required VLANs and subnets per VCN are listed in the sections below.
- Create a NAT Gateway in both VCNs to allow egress to the internet for management components.
Add the following route entry only to the route table for the VMware vSphere VLAN:
| Destination | Target Type | Target |
|---|---|---|
0.0.0.0/0 |
NAT Gateway | NAT-GW |
Define Network Security Groups (NSGs) and Security List
For each VLAN, create a dedicated NSG with the following base rules. Additionally, create a security list for the subnet that will be created for deploying ESXi hosts into by the Oracle Cloud VMware Solution service.
| Direction | Source | Destination | Protocol |
|---|---|---|---|
| Ingress | 10.16.0.0/16
(VCN-Primary)
|
All Protocols | |
| Ingress | 172.45.0.0/16
(VCN-Mgmt-Active)
|
All Protocols | |
| Egress | 0.0.0.0/0 |
All Protocols |
More specific security rules can be applied post-deployment.
Create Subnet and VLANs for VCN-Primary
Create the ESXi host subnet and VLANs.
Using the route table and security list created earlier, create the below subnet.
| Purpose | Subnet Name | CIDR |
|---|---|---|
| VMware ESXi Deployment | Subnet-Stretched-Cls-Mgmt | 10.16.1.0/24 |
Create VLANs
Using the corresponding route tables and NSGs created earlier, create the below VLANs.
| VLAN Purpose | Name | CIDR Range | Tag | Notes |
|---|---|---|---|---|
| vSAN | VLAN-Stretched-Cls-Mgmt-vSAN | 10.16.2.0/24 |
102 | |
| vMotion | VLAN-Stretched-Cls-Mgmt-vMotion | 10.16.3.0/24 |
103 | |
| NSX VTEP | VLAN-Stretched-Cls-Mgmt-NSX VTEP | 10.16.4.0/24 |
104 | |
| Replication | VLAN-Stretched-Cls-Mgmt-Replication Net | 10.16.5.0/24 |
105 | |
| Provisioning | VLAN-Stretched-Cls-Mgmt-Provisioning Net | 10.16.6.0/24 |
106 | |
| vSphere | VLAN-Stretched-Cls-Mgmt-vSphere | 172.45.1.0/24 |
201 | Add NAT-GW route for outbound |
| NSX Edge VTEP | VLAN-Stretched-Cls-Mgmt-NSX Edge VTEP | 172.45.2.0/24 |
202 | |
| NSX Edge Uplink 1 | VLAN-Stretched-Cls-Mgmt-NSX Edge Uplink 1 | 172.45.3.0/24 |
203 | |
| NSX Edge Uplink 2 | VLAN-Stretched-Cls-Mgmt-NSX Edge Uplink 2 | 172.45.4.0/24 |
204 | |
| HCX | VLAN-Stretched-Cls-Mgmt-HCX | 172.45.5.0/24 |
205 |
Create VLANs in VCN-Mgmt-Active
Create the below VLANs in VCN-Mgmt-Active, using
corresponding CIDR ranges to maintain consistency across the management layer. To simplify
identification during this process, prefix all VLAN names with -NEW.
VLANs in VCN-Mgmt-Active
| VLAN Purpose | Name | CIDR Range | Tag | Notes |
|---|---|---|---|---|
| vSphere | VLAN-Stretched-Cls-Mgmt-vSphere-NEW | 172.45.1.0/24 |
201 | NAT-GW for egress. Ensure external access rules for HCX, NSX, and vCenter IPs match those in the same VLAN under VCN-Primary. |
| NSX Edge VTEP | VLAN-Stretched-Cls-Mgmt-NSX Edge VTEP-NEW | 172.45.2.0/24 |
202 | |
| NSX Edge Uplink 1 | VLAN-Stretched-Cls-Mgmt-NSX Edge Uplink 1-NEW | 172.45.3.0/24 |
203 | |
| NSX Edge Uplink 2 | VLAN-Stretched-Cls-Mgmt-NSX Edge Uplink 2-NEW | 172.45.4.0/24 |
204 | |
| HCX | VLAN-Stretched-Cls-Mgmt-HCX-NEW | 172.45.5.0/24 | 205 |
Deploy the Primary SDDC
Use the Select existing subnet and VLANs option during deployment. Map each of the above-created components manually.
- Avoid Standard shapes for this deployment.
- Deployment typically completes within 2 to 2.5 hours.
For guidance, refer to:
This concludes the basic configuration of the Primary Site, now let’s prepare the Secondary Site in the next section.