vShield Edge Static Routing between External networks

Config:

1 x VCNS Edge Gateway with Public IP Block – VLAN 200

External Network 1 – with Public IP Block – VLAN 201

External Network 2 – with Public IP Block – VLAN 202

I recently came across a customer requirement where they wanted to set up some static routes between External Network 1 (VLAN 201) and External Network 2 (VLAN 202) as above.  Both networks had been created in vCloud Director as external networks and did not have any Organisation Networks attached to them. 

We had an existing VCNS Edge Gateway with a public IP block assinged on VLAN 200, my assumption was that we add both external networks to the existing VCNS Edge Gateway and apply the static routes between them.  It turns out that it’s not that simple! when I attempted to apply the routes between Network 1 and Network 2  I got the following message… “Static routing between overlapping networks is not supported”, it seems that the because they are connected to vCloud Director as external networks it will not allow you to add static routes as VCD sees them as overlapping networks.

This was a misunderstanding on my part on how static routing works on VCNS Edge Gateways, it seems that I’m not the only one as several of my colleagues had the same misconception.  In the end we applied the static routes on an upstream switch as we could not get the routes to stick on the VCNS Gateway.  Static Routes work well on VAPP networks and Organisation networks on the internal side of the vShield Edge, but there is very little information on there on using them for external networks, I aim to do some more research in this area so will update the blog in due course.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s