Understanding Segments in VMC on AWS
Introduction
In VMC on AWS 1.18 the ability to configure multiple T1s CGWs (Compute Gateways) in the SDDC was introduced. This feature opens multiple new use cases for customers and expands the networking options available like multi-tenancy, disconnected networks and overlapping IP address ranges obscured by Network Address Translation (NAT). With this came a change to the API used for segment creation.
There are two types of NSX segments created in VMC on AWS – fixed and flexible. There are differences between fixed and flexible segments that are important to understand as the behavior and APIs differ between the types. For example, segments are missing from a listing of all SDDC segments when using API calls when both fixed and flexible segments are configured.
|
General Considerations |
In VMC on AWS 1.18 the ability to configure multiple T1s in the SDDC was introduced. With this a change in the API and behavior for segment creation and management, primarily via API. |
|
Documentation Reference |
|
|
Last Updated |
September 2022 |
Considerations
All segments connected to the default CGW at the time of their creation will be fixed segments. Fixed segments are unique to VMC on AWS and can be configured in one of three modes, routed, extended or disconnected.
Fixed segments cannot be configured to connect to a customer created T1 and can only be connected to the default CGW. They are child objects of the default CGW.
The difference in capabilities with fixed segments is primarily contained within their connectivity model. The list below expands on each connectivity model.
- Routed – routed network segments have connectivity to other segments inside and out of the SDDC
- Extended – extended network segments are used with the NSX L2VPN to create a common broadcast domain between VMC on AWS and on-premises networks
- Disconnected – disconnected network segments have no uplinks and create an isolated segment. Disconnected networks are primarily created by HCX and can be changed to routed.
Flexible segments are standalone objects created when the segment is attached to a customer created T1. Flexible segments don’t have a routed, extended or disconnected mode like fixed segments and can be moved between customer created T1s and the default CGW.
Flexible segments inherit their connectivity model from the T1 they are connected to as well as their connectivity flag. The connectivity flag can be ON or OFF. VMC on AWS allows for Routed, NATted or Isolated mode of the customer created T1. When a flexible segment is created on a customer created T1 and then connected to the Default CGW, it becomes routed.
The APIs used to configure the different segments are important to understand.
Fixed segments are created using the /infra/tier-1s/cgw/segments/API
The output from the GET API call for fixed segments is below
Flexible segments are created using the /infra/segments/ API
The output from the GET API call for a flexible segment with connectivity mode ON is below
The output from the GET API call for a flexible segment with connectivity mode OFF is below
You can determine which type of segments are in a SDDC by reviewing the networking path for each of them. In the UI this can be done by clicking on the ellipses (three dots) in the upper left corner of the Segment List as shown below.
Additionally, flexible segments have the ability to select their connectivity status, which is comparable to a routed segment, when on and disconnected when off. Also, the ability configure a L2VPN on a flexible segment is available which is comparable to an extended segment.
Summary
Understanding the different APIs used for segment creation in various network topologies is important. The two types of segments exhibit not only different behavior in connectivity attributes but also in their ability to be associated to the various network components in a SDDC.