Routing

Explanations of routing within pluscloud VMware and its implications

2 minute read

Pluscloud VMware has various systems that take over routing tasks:

flowchart LR
    cr[Core Router] <--> sr
    ss[Shared Switching] <--> egw
    subgraph egw[Edge Gateway]
        sr[Service Router]
        sr <--> dr[Distributed Router]
    end
    subgraph vdc[OrgVDC]
        direction TB
        dr <--> rs1[Routed Segment 1]
        dr <--> rs2[Routed Segment 2]
        rs1 <--> vappgw1[vApp Gateway 1]
        vappgw1 <--> vm1[VM 1]
    end

Core router

The core routers are high-performance physical router systems that are redundantly available at each plusserver data center (see plusserver Regions and Availability Zones). They provide the connection between the data centers and the internet, for which various peerings with communication service providers exist.

The core routers are not exclusively part of the pluscloud VMware but are part of the plusserver network infrastructure.

Edge Gateway

An edge gateway is used to connect organizational networks to external networks (see Network types).

An edge gateway is provisioned for each OrgVDC. This consists of a service router and a distributed router.

Service router

The service router contains all non-distributed services of the edge gateway. This includes:

a gateway firewall
a NAT engine for SNAT and DNAT
a DHCP server
a VPN gateway
IPAM for managing IP addresses

Distributed Router

The distributed router is a service of the edge gateway that is distributed across all virtualization hosts. It serves all static and dynamic routes within the pluscloud VMware environment.

Warning

Data path for distributed routing
If a connection can already be realized via the distributed router, the data traffic is not routed via the service router. The services running there, including the gateway firewall, are therefore bypassed, as the data traffic does not pass through them.

For this reason, you cannot use the gateway firewall to separate different segments from each other.

vApp Gateway

A vApp gateway is used to connect vApp networks and org networks (see Network types).

It is only used when a vApp network is routed to an org network. A gateway is not required as a routing instance for a directly connected vApp network, as the network segment is passed through unchanged. An isolated vApp network does not require a gateway because it is not connected to any other network.

The vApp Gateway’s NAT and firewall functionalities are limited to a minimum.

Last modified 02.08.2024: Fix grammaer mistakes in PCV networking docs (a03082e)