http://virtualshocks.blogspot.com.es/2013/09/understanding-networks-in-vcloud.html
This part 2/2 is about the "vApp networks" in VMware vCloud Director. These vApp networks connect the virtual machines in a vApp; it's like configuring a router in front of a vApp to separate the VMs from the rest of the vApp or the cloud environment.
What VMware says: "vCloud Director coordinates with vCloud Networking and Security Manager to provide automated network security for a vCloud environment. vCloud Networking and Security Edge gateway devices are deployed during the provisioning of routed or private networks. Each vCloud Networking and Security Edge gateway runs a firewall service that allows or blocks inbound traffic to virtual machines that are connected to a public access organization virtual datacenter network. The vCloud Director web console exposes the ability to create five-tuple firewall rules that are comprised of source address, destination address, source port, destination port, and protocol."
-Direct: vApps connect directly to the organization virtual datacenter network.
-Routed: a new network where the router provides NAT and FW functions.
-Isolated: no connections outside the vApp; only the VMs inside the vApp can communicate with each other.
-Fenced: identical virtual machines can exist in different vApps; the virtual router provides isolation and proxy ARP.
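To make the five-tuple rule format from the VMware text concrete, here is an added Python example (not from the original post and not VMware code) that evaluates a packet against such rules and flags allow rules that leave too many fields open. The `Rule` class, the function names, first-match ordering, the default "block" action and the sample rule set are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # one five-tuple rule plus its action
    name: str
    action: str                  # "allow" or "block"
    src: str                     # CIDR or "any"
    dst: str
    sport: str                   # "any", "443" or "8000-8100"
    dport: str
    proto: str                   # "tcp", "udp", "icmp" or "any"

def _ip_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _port_ok(spec, port):
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def decide(rules, src, dst, sport, dport, proto, default="block"):
    """Return (action, rule name); first match wins (assumed), else default."""
    for r in rules:
        if (r.proto in ("any", proto) and _ip_ok(r.src, src) and _ip_ok(r.dst, dst)
                and _port_ok(r.sport, sport) and _port_ok(r.dport, dport)):
            return r.action, r.name
    return default, "default"

def audit(rules):
    """List allow rules that accept any source on an unrestricted port or protocol."""
    findings = []
    for r in rules:
        if r.action == "allow" and r.src == "any":
            if r.dport == "any" or r.proto == "any":
                findings.append((r.name, "any source with unrestricted port/protocol"))
    return findings

# Constructed rule set for a VM network behind an edge gateway (sample values).
RULES = [
    Rule("web-in", "allow", "any", "192.168.10.10/32", "any", "443", "tcp"),
    Rule("admin-ssh", "allow", "10.20.0.0/24", "192.168.10.0/24", "any", "22", "tcp"),
    Rule("legacy-open", "allow", "any", "192.168.10.20/32", "any", "any", "any"),
]

if __name__ == "__main__":
    print(decide(RULES, "203.0.113.5", "192.168.10.10", 51000, 22, "tcp"))
    print(audit(RULES))
```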
Before looking at some examples, take care with the Network Pool options as defined above:
...Through the wizard:
...Through the vApp diagram tab in the vCloud Director GUI. This view is one of the best ways to review networking configuration issues: clicking on a VM highlights its paths:
...Through the Networks tab you can select the network type and the NAT or FW options:
Let's check some examples:
-CASE1: where 2 Organizations communicate with an External Network: vShield Edge routing and static routes are necessary.
-CASE1: where 2 Organizations communicate without NAT but where vShield Edge is necessary.
LINK: vCloud Networking