Blog

Configuring Policies and Rerouting Internet/VM Traffic from Virtual Appliance on Xi to On-Prem Firewall

  • 22 December 2021

Administrators need to create two kinds of policies on Xi: permit policies that allow traffic for the floating IP, and reroute policies that send VM traffic through the vPAN (virtual PAN firewall).

If the requested floating IP was 206.80.155.166, assigned to the management interface of the PAN at 10.250.0.2, you need to allow traffic for this IP (or its subnet) to go out to the Internet. Policy-based routing (PBR) rules are evaluated by priority, and the rule with the higher priority value takes precedence, so this permit policy must be given a higher priority number than the reroute policy; otherwise the reroute policy would match the management traffic first and send it through the vPAN instead of straight out to the Internet. The permit policy is created for the internal subnet 10.250.0.0/24, not for the floating IP itself.

To create a policy:

  • Go to Explore > Virtual private clouds > Production > Policies.
  • Select Create Policies.

You need to create policies in both directions, one from the Internet to the 10.250.0.0/24 subnet and one from 10.250.0.0/24 to the Internet, as seen in the following screenshots:

In the first screenshot, the rule has priority 800; the source is all Internet traffic, the destination is the custom subnet 10.250.0.0/24 (management subnet), the protocol is ANY, and the action is permit.

In the second screenshot, the rule has priority 801; the source is the custom subnet 10.250.0.0/24 (management subnet), the destination is all Internet traffic, the protocol is ANY, and the action is permit.

You can now create the reroute policies with a lower priority than the previous rules.

In the above screenshot, the rule has priority 700; the source is the custom subnet 10.245.0.0/24 (Windows VM subnet), the destination is all Internet traffic, the protocol is ANY, and the action is reroute to 10.247.0.2 (inside interface IP of the vPAN).

The reroute policy can be created for a specific source subnet to the Internet, or for ANY source subnet to the Internet. The ANY variant reroutes all traffic from internal subnets on Xi to the Internet through the vPAN, except traffic that a higher-priority policy (such as the 801 permit rule for the management subnet) has already matched.

In the above screenshot, the rule has priority 700; the source is ANY, the destination is all Internet traffic, the protocol is ANY, and the action is reroute to 10.247.0.2 (inside interface IP of the vPAN).
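The priority ordering is the part of this procedure that is easy to get wrong, so the following is an added example (not Nutanix code and not the Xi console) that models the four policies above and checks which rule decides a given flow. It assumes the semantics the post describes: the rule with the higher priority value is evaluated first and the first match decides, "Internet" as a source or destination means any address outside RFC 1918 space, and inbound traffic to the floating IP has already been translated to the internal address 10.250.0.2 when policies are evaluated. The addresses and priorities are the ones from the post; the test flows and the `shadowed_permits` pre-flight check are constructed for the example.

```python
"""Model of Xi VPC policy (PBR) evaluation for the rules in the post.

Added example, not Nutanix code. Assumed semantics: higher priority value
wins, first match decides, 'INTERNET' means any non-RFC 1918 address, and
inbound floating-IP traffic is evaluated against the internal address.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Policy:
    priority: int
    src: str                       # "ANY", "INTERNET" or a CIDR
    dst: str                       # "ANY", "INTERNET" or a CIDR
    protocol: str                  # "ANY" or a specific protocol, e.g. "TCP"
    action: str                    # "PERMIT" or "REROUTE"
    next_hop: Optional[str] = None  # only meaningful for REROUTE


def _selector_matches(selector: str, addr: str) -> bool:
    """Does a policy's source/destination selector cover this address?"""
    ip = ipaddress.ip_address(addr)
    if selector == "ANY":
        return True
    if selector == "INTERNET":
        return not any(ip in net for net in RFC1918)
    return ip in ipaddress.ip_network(selector)


def evaluate(policies: List[Policy], src: str, dst: str,
             protocol: str = "TCP") -> Optional[Policy]:
    """Return the policy that decides this flow (highest priority first)."""
    for p in sorted(policies, key=lambda p: p.priority, reverse=True):
        if (_selector_matches(p.src, src) and _selector_matches(p.dst, dst)
                and p.protocol in ("ANY", protocol)):
            return p
    return None  # no policy matched; the VPC default applies


# The rules from the post; the 700 rule is the broad (source ANY) variant.
POLICIES = [
    Policy(800, "INTERNET", "10.250.0.0/24", "ANY", "PERMIT"),
    Policy(801, "10.250.0.0/24", "INTERNET", "ANY", "PERMIT"),
    Policy(700, "ANY", "INTERNET", "ANY", "REROUTE", next_hop="10.247.0.2"),
]


def _covers(outer: str, inner: str) -> bool:
    """Does selector `outer` cover every address that `inner` covers?"""
    if outer == "ANY" or outer == inner:
        return True
    if inner in ("ANY", "INTERNET"):
        return False  # only ANY (or the same selector) covers these
    net = ipaddress.ip_network(inner)
    if outer == "INTERNET":
        return not any(net.overlaps(priv) for priv in RFC1918)
    return net.subnet_of(ipaddress.ip_network(outer))


def shadowed_permits(policies: List[Policy]) -> List[Tuple[int, int]]:
    """Pre-flight check: (permit_priority, reroute_priority) pairs where a
    reroute rule outranks a permit rule that it fully covers, i.e. the
    permit rule can never match and that traffic goes to the vPAN instead."""
    found = []
    for p in policies:
        if p.action != "PERMIT":
            continue
        for r in policies:
            if (r.action == "REROUTE" and r.priority > p.priority
                    and _covers(r.src, p.src) and _covers(r.dst, p.dst)
                    and r.protocol in ("ANY", p.protocol)):
                found.append((p.priority, r.priority))
    return found


def main() -> None:
    flows = [("10.250.0.2", "203.0.113.7"),   # vPAN management to Internet
             ("203.0.113.7", "10.250.0.2"),   # Internet to floating IP (post-NAT)
             ("10.245.0.10", "203.0.113.7")]  # Windows VM to Internet
    for src, dst in flows:
        p = evaluate(POLICIES, src, dst)
        print(f"{src} -> {dst}: priority {p.priority} {p.action} {p.next_hop or ''}")
    print("shadowed permits:", shadowed_permits(POLICIES))


if __name__ == "__main__":
    main()
```

With the priorities from the post, `shadowed_permits` returns an empty list; if the reroute rule were given priority 900 instead of 700, it would report the 801 permit rule as shadowed and `evaluate` would send the management interface's own traffic to 10.247.0.2, which is exactly the misconfiguration the ordering rule above is meant to prevent.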


©️ 2021 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not been independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.
