Understanding Traffic Flow
Traffic/Network Flow Diagram
Example of an External Network using VLAN 55 and an Internal Network
Example of the Core Network Configuration
Document Information
- Last Updated: 2024-03-21
- vergeOS Version: 4.12.5
Network blocks in VergeOS are a powerful way to assign multiple IP addresses to tenants or networks for workloads. This method is preferred over virtual wires since VergeOS focuses on Layer 3 connectivity, avoiding the common issues associated with Layer 2 connections (like virtual wires). Network blocks also allow the direct assignment of public IP addresses to VMs inside an internal network or a tenant.
Important
Adding this rule will allow tenants to connect on the DMZ network. By default, this is disabled for security reasons.
This guide provides instructions on how to connect a root system to a tenant site in VergeOS. The Sites feature is typically used to connect two VergeOS sites together, but to extend this functionality to a tenant site, you’ll need to add a specific rule on the root system's External network.
Access External Networks
- In the Root system, navigate to Networks and then External Networks.
- Double-click on the External network.
Add the Rule
- In the left menu, click on Rules.
- Before adding a new rule, ensure it doesn’t already exist.
- Click New in the left menu.
- Enter the following details:
After the rule is applied, the root system should now be able to connect to the tenant site.
To verify that the rule works, follow these steps:
The Response should say Connection successful. If the connection fails, review the rule to ensure accuracy, particularly ensuring that the Interface is set to DMZ rather than Auto.
Common Issues
Need Help?
If you encounter any issues while setting up the root-to-tenant site connection, or have any questions, feel free to contact our support team.
Key Points
This guide walks you through the process of creating a VLAN (Virtual Local Area Network) in the VergeOS environment. VLANs are essential for network segmentation and improving network performance and security.
Prepare the Physical Network
- Add the desired VLAN(s) to the appropriate switchports so they are accessible to the nodes running the VergeOS environment
Navigate to Network Creation
- From the Main Dashboard, go to Networks
- Select "New External" in the left menu
Configure Network Settings
- In the network creation page, enter the following settings:
Interface Network Selection
For the "Interface Network" option, be sure to select the physical network on the nodes that the VLAN enters the environment on. These are typically appended with the name "Switch" during install. For all other settings, the default options are typically sufficient.
Submit Configuration
- Click the submit button to create the new network
Verify Network Status
- You will be brought to the newly created network's dashboard
- Verify that the status shows as "Running" if the configuration from above was used
Attach Workloads
- Workloads can now be attached to the newly created network
Adding VLANs to Tenants
See the Virtual Wires KB article for adding VLANs into Tenants.
Common Issues
Solution:
Problem: Unable to attach workloads to the new VLAN
Need Help?
If you encounter any issues while creating VLANs or have questions about this process, please don't hesitate to contact our support team.
Before you begin, verify if other virtual machines in the environment can access the internet. If no other machines can, there may be a network issue upstream of the VergeOS platform that is preventing access to the outside world. If other VMs are still able to access the internet, the most likely cause is that a configuration step was missed.
The following are the most common configuration mistakes that cause network issues:
Key Points
This article guides you through the process of setting up access to the VergeOS User Interface (UI) from a virtual machine (VM) running inside the VergeOS system. This is accomplished using a networking technique known as hair-pinning, where a packet travels to an interface, goes out towards the Internet, but instead of continuing, it makes a "hairpin turn" and comes back in on the same interface.
Navigate to the Internal Network
- Log into your VergeOS environment
- Go to the internal network that your target VM is connected to
Create a New Rule
- Locate the option to create a new rule
- Configure the rule with the following settings:
Rule:
- Name: Use a reference name, such as "Allow UI"
- Action: Translate
- Protocol: TCP
- Direction: Incoming
- Interface: Auto
- Pin: No
Source:
- Type: Any / None
- Source Ports/Ranges: Leave blank
Destination:
- Type: My Network Address
- Destination Ports/Ranges: 80, 443
Target:
- Type: Other Network DMZ IP
- Target Network: Core
- Target Ports/Ranges: Leave blank
Submit the Rule
- Click "Submit" to save the rule
Apply the New Rule
- Click "Apply Rules" to activate the newly created rule
Access the UI from the VM
- Open a web browser within your VM
- Navigate to the IP address of the internal network (e.g., if the internal network IP is 192.168.0.1, use this address)
Pro Tip
Always ensure that your VM's network settings are correctly configured to use the internal network where you've set up this rule.
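To confirm the last step without a browser, the following added example (not part of the VergeOS documentation) can be run inside the VM: it attempts a TCP connection to ports 80 and 443 on the internal network's address and reports each result. The default address 192.168.0.1 is the example address used above, and the hint texts are generic troubleshooting assumptions mapped to the steps in this article, not VergeOS diagnostics.

```python
import socket
import sys

# Ports the rule above translates to the Core network's DMZ IP.
UI_PORTS = (80, 443)

# Assumed, generic starting points tied to the steps in this article.
HINTS = {
    "refused": "host answered but nothing accepted the connection; "
               "re-check the rule and that Apply Rules was clicked",
    "timeout": "no reply; re-check that the VM is attached to this "
               "internal network and that the address is the network's IP",
}


def check_ports(host, ports=UI_PORTS, timeout=3.0):
    """Attempt a TCP connect to each port and return {port: status}."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "refused"
        except socket.timeout:
            results[port] = "timeout"
        except OSError as exc:
            results[port] = "error: " + (exc.strerror or str(exc))
    return results


def report(host, results):
    """Format one line per port, appending a hint for known failures."""
    lines = []
    for port, status in sorted(results.items()):
        line = f"{host}:{port} {status}"
        if status in HINTS:
            line += " (" + HINTS[status] + ")"
        lines.append(line)
    return lines


if __name__ == "__main__":
    # Pass the internal network's IP as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.1"
    res = check_ports(host)
    print("\n".join(report(host, res)))
    sys.exit(0 if all(s == "open" for s in res.values()) else 1)
```

The script exits with status 0 only when both ports accept a connection, so it can also be used in a scheduled check after rule changes.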
Here's a visual representation of the rule configuration:
Common Issues
Need Help?
If you encounter any issues while setting up UI access or have questions about this process, please don't hesitate to contact our support team.
The following is a simple method to establish a route between two networks in the VergeOS platform.
Info
After completing the two rules on the first network, you will need to create identical rules on the second network.