VLANs and subnets in VMware Solutions

The following table provides information about the subnets that are used in each VLAN. You can either order new VLANs or subnets for VMware Cloud Foundation for Classic - Automated instances or you can select existing VLANs. You can define your firewall rules based on the subnets and ports that the network traffic goes through.

It is not recommended to put a firewall on a secondary private VLAN that has storage and vSphere® vMotion® traffic.

Table 1. Subnets for public, private, and secondary private VLANs

Public VLAN

  Primary subnet

  Portable subnets
    • Management edge gateway public
    • Customer edge gateway public

Private VLAN

  Primary subnet

  Portable subnets
    • Infrastructure VMs (vCenter, NSX managers, NSX edges, Active Directory VMs, IBM CloudDriver automation VSI)
    • NSX host tunnel endpoint (TEP) traffic (NSX-T™)[1]
    • VMware NSX® Host TEP (NSX-V)
    • Customer edge gateway private

Secondary private VLAN

  Portable subnets
    • vSAN™ traffic
    • Shared storage traffic
    • vMotion traffic
    • NSX host TEP traffic (NSX-T)[2]
    • NSX edge TEP traffic (NSX-T)
    • Customer edge TEP traffic (NSX-T)