%BOOK_ENTITIES; ]>

A private gateway can be added by the root admin only. The VPC private network has 1:1 relationship with the NIC of the physical network. You can configure multiple private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed in the same data center. Log in to the &PRODUCT; UI as an administrator or end user. In the left navigation, choose Network. In the Select view, select VPC. All the VPCs that you have created for the account is listed in the page. Click the Configure button of the VPC to which you want to configure load balancing rules. The VPC page is displayed where all the tiers you created are listed in a diagram. Click the Settings icon. The following options are displayed. Internal LB Public LB IP Static NAT Virtual Machines CIDR The following router information is displayed: Private Gateways Public IP Addresses Site-to-Site VPNs Network ACL Lists Select Private Gateways. The Gateways page is displayed. Click Add new gateway: add-new-gateway-vpc.png: adding a private gateway for the VPC. Specify the following: Physical Network: The physical network you have created in the zone. IP Address: The IP address associated with the VPC gateway. Gateway: The gateway through which the traffic is routed to and from the VPC. Netmask: The netmask associated with the VPC gateway. VLAN: The VLAN associated with the VPC gateway. Source NAT: Select this option to enable the source NAT service on the VPC private gateway. See . ACL: Controls both ingress and egress traffic on a VPC private gateway. By default, all the traffic is blocked. See . The new gateway appears in the list. You can repeat these steps to add more gateway for this VPC.

You might want to deploy multiple VPCs with the same super CIDR and guest tier CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to reach a enterprise data center through the private gateway. In such cases, a NAT service need to be configured on the private gateway to avoid IP conflicts. If Source NAT is enabled, the guest VMs in VPC reaches the enterprise network via private gateway IP address by using the NAT service. The Source NAT service on a private gateway can be enabled while adding the private gateway. On deletion of a private gateway, source NAT rules specific to the private gateway are deleted. To enable source NAT on existing private gateways, delete them and create afresh with source NAT.

The traffic on the VPC private gateway is controlled by creating both ingress and egress network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all the ingress traffic to the private gateway interface and all the egress traffic out from the private gateway interface are blocked. You can change this default behaviour while creating a private gateway. Alternatively, you can do the following: In a VPC, identify the Private Gateway you want to work with. In the Private Gateway page, do either of the following: Use the Quickview. See . Use the Details tab. See through . In the Quickview of the selected Private Gateway, click Replace ACL, select the ACL rule, then click OK Click the IP address of the Private Gateway you want to work with. In the Detail tab, click the Replace ACL button. replace-acl-icon.png: button to replace the default ACL behaviour. The Replace ACL dialog is displayed. select the ACL rule, then click OK. Wait for few seconds. You can see that the new ACL rule is displayed in the Details page.

&PRODUCT; enables you to specify routing for the VPN connection you create. You can enter one or CIDR addresses to indicate which traffic is to be routed back to the gateway. In a VPC, identify the Private Gateway you want to work with. In the Private Gateway page, click the IP address of the Private Gateway you want to work with. Select the Static Routes tab. Specify the CIDR of destination network. Click Add. Wait for few seconds until the new route is created.

&PRODUCT; enables you to block a list of routes so that they are not assigned to any of the VPC private gateways. Specify the list of routes that you want to blacklist in the blacklisted.routes global parameter. Note that the parameter update affects only new static route creations. If you block an existing static route, it remains intact and continue functioning. You cannot add a static route if the route is blacklisted for the zone.