About Inter-VLAN Routing
This feature is supported on XenServer and VMware hypervisors.
The major advantages are:
• The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A
guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs. All the VMs
of a certain tier of an account reside on the guest VLAN allotted to that account.
Note: A VLAN allocated for an account cannot be shared between multiple accounts.
• The administrator can allow users to create their own VPC and deploy the application. In this scenario,
the VMs that belong to the account are deployed on the VLANs allotted to that account.
• Both administrators and users can create multiple VPCs. The guest network NIC is plugged into the
VPC virtual router when the first VM is deployed in a tier.
• The administrator can create the following gateways to send traffic to or receive traffic from the VMs:
  • VPN Gateway: For more information, see Section 16.24.4.2, “Creating a VPN gateway for the
  VPC”.
  • Public Gateway: The public gateway for a VPC is added to the virtual router when the virtual
  router is created for the VPC. The public gateway is not exposed to the end users. You are not
  allowed to list it or to create any static routes.
  • Private Gateway: For more information, see Section 16.27.5, “Adding a Private Gateway to a
  VPC”.
• Both administrators and users can create various possible destination-gateway combinations.
However, only one gateway of each type can be used in a deployment.
For example:
  • VLANs and Public Gateway: For example, an application is deployed in the cloud, and the Web
  application VMs communicate with the Internet.
  • VLANs, VPN Gateway, and Public Gateway: For example, an application is deployed in
  the cloud; the Web application VMs communicate with the Internet; and the database VMs
  communicate with the on-premise devices.
• The administrator can define Access Control Lists (ACLs) on the virtual router to filter the traffic among
the VLANs or between the Internet and a VLAN. You can define an ACL based on CIDR, port range,
protocol, type code (if the ICMP protocol is selected) and Ingress/Egress type.
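The ACL fields listed above can be modeled and audited offline before rules are applied to a tier. The following is an added example, not code from this guide or from the product: the class and function names, the allow-list with default-drop semantics, the use of -1 as an ICMP wildcard, and all addresses and ports are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRule:
    traffic_type: str      # "ingress" or "egress"
    protocol: str          # "tcp", "udp" or "icmp"
    cidr: str              # remote side of the flow (assumption)
    start_port: int = 0    # port range, used for tcp/udp
    end_port: int = 0
    icmp_type: int = -1    # -1 means "any" (assumption)
    icmp_code: int = -1

@dataclass(frozen=True)
class Packet:
    traffic_type: str
    protocol: str
    remote_ip: str
    port: int = 0
    icmp_type: int = 0
    icmp_code: int = 0

def rule_matches(rule, pkt):
    """True when the packet matches every field of the rule."""
    if (rule.traffic_type, rule.protocol) != (pkt.traffic_type, pkt.protocol):
        return False
    if ipaddress.ip_address(pkt.remote_ip) not in ipaddress.ip_network(rule.cidr):
        return False
    if rule.protocol == "icmp":
        return (rule.icmp_type in (-1, pkt.icmp_type)
                and rule.icmp_code in (-1, pkt.icmp_code))
    return rule.start_port <= pkt.port <= rule.end_port

def is_allowed(rules, pkt):
    """Assumption: rules are an allow-list and unmatched traffic is dropped."""
    return any(rule_matches(r, pkt) for r in rules)

def internet_exposed(rules, expected_ports=frozenset({80, 443})):
    """Audit helper: ingress rules open to any source beyond the expected ports."""
    findings = []
    for r in rules:
        if r.traffic_type == "ingress" and ipaddress.ip_network(r.cidr).prefixlen == 0:
            if r.protocol == "icmp" or not set(range(r.start_port, r.end_port + 1)) <= expected_ports:
                findings.append(r)
    return findings

# Constructed ACL for a web tier; all addresses and ports are sample values.
WEB_TIER_ACL = [
    AclRule("ingress", "tcp", "0.0.0.0/0", 80, 80),
    AclRule("ingress", "tcp", "0.0.0.0/0", 443, 443),
    AclRule("ingress", "tcp", "0.0.0.0/0", 22, 22),          # too broad: flagged
    AclRule("ingress", "icmp", "10.1.0.0/16", icmp_type=8, icmp_code=0),
    AclRule("egress", "tcp", "10.1.2.0/24", 3306, 3306),     # to the database tier
]
```

Running `internet_exposed(WEB_TIER_ACL)` returns only the SSH rule, which is the kind of finding to resolve by narrowing the CIDR before the ACL goes live.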
The following figure shows the possible deployment scenarios of an Inter-VLAN setup: