Configure the Public Network

The public network is the network that container VMs and the virtual container host (VCH) use to connect to the Internet. VCHs use the public network to pull container images from public registries, for example from Docker Hub. Container VMs that use port mapping expose network services on the public network. In Docker terminology, the public network corresponds to the host network.

IMPORTANT: For information about VCH networking requirements, see Networking Requirements for VCH Deployment.

Options

The sections in this topic each correspond to an entry in the Configure Networks page of the Create Virtual Container Host wizard, and to the corresponding vic-machine create options.

Public Network

You designate a specific network for traffic from container VMs and the VCH to the Internet by specifying a public network when you deploy the VCH.

IMPORTANT:

• If you use the Create Virtual Container Host wizard to create VCHs, it is mandatory to use an existing port group or logical switch for the public network.
• If you use vic-machine to deploy VCHs, by default the VCH uses the VM Network, if present, for the public network. If the VM Network is present, it is therefore not mandatory to use a dedicated network interface for the public network, but it is strongly recommended. Using the default VM Network for the public network instead of a dedicated network interface prevents vSphere vMotion from moving the VCH endpoint VM between hosts in a cluster. If the VM Network is not present, you must create a dedicated port group or logical switch for the public network.
• You can use the same network as the public network for multiple VCHs. You cannot use the same network for the public network as you use for the bridge network.
• You can share the public network network with the client and management networks. If you do not configure the client and management networks to use specific networks, those networks use the settings that you specify for the public network.
• The port group or logical switch must exist before you create the VCH. For information about how to create a port group or logical switch, see Networking Requirements for VCH Deployment.
• You cannot use vic-machine configure to change the public network setting after you deploy the VCH.

Create VCH Wizard

Select an existing port group or logical switch from the Public network drop-down menu.

NOTE: If you use the Create Virtual Container Host wizard, specifying a public network is mandatory.

vic-machine Option

--public-network, --pn

A network interface that container VMs and VCHs use to connect to the Internet. Ports that containers that are connected to the default bridge network expose with docker create -p are made available on the public network of the VCH endpoint VM via network address translation (NAT), so that containers can publish network services.
NOTE: vSphere Integrated Containers adds a new capability to Docker that allows you to directly map containers to a network by using the --container-network option. This is the recommended way to deploy container services with vSphere Integrated Containers. For more information, see Configure Container Networks.

You designate the public network by specifying an existing port group or logical switch in the vic-machine create --public-network option.

--public-network port_group_or_logical_switch_name

If you do not specify this option, containers use the VM Network for public network traffic. If you do not specify this option and the VM Network is not present, or if you specify an invalid port group or logical switch name, vic-machine create fails and suggests valid port group or logical switches.

Static IP Address

By default, vSphere Integrated Containers Engine uses DHCP to obtain an IP address for the VCH endpoint VM on the public network. You can optionally configure a static IP address for the VCH endpoint VM on the public network.

• You can only specify one static IP address on a given interface. If either of the client or management networks shares a network with the public network, you can only specify a static IP address on the public network. All of the networks that share that network use the IP address that you specify.
• If you set a static IP address for the VCH endpoint VM on the public network, you must specify a corresponding gateway address.

Create VCH Wizard

1. Select the Static IP radio button.
2. Enter an IP address with a network mask in the IP Address text box, for example 192.168.1.10/24.

The Create Virtual Container Host wizard only accepts an IP address for the public network. You cannot specify an FQDN.

vic-machine Option

--public-network-ip, no short name

You specify addresses as IPv4 addresses with a network mask.

--public-network-ip 192.168.1.10/24

You can also specify addresses as resolvable FQDNs.

--public-network-ip=vch27-team-a.internal.domain.com

Gateway

The gateway to use if you specify a static IP address for the VCH endpoint VM on the public network. If you specify a static IP address on the public network, you must specify a gateway for the public network.

You specify gateway addresses as IP addresses without a network mask.

Create VCH Wizard

Enter the IP address of the gateway in the Gateway text box, for example 192.168.1.1.

vic-machine Option

--public-network-gateway, no short name

Specify a gateway address as an IP address without a network mask in the --public-network-gateway option.

--public-network-gateway 192.168.1.1

DNS Server

A DNS server for the VCH endpoint VM to use on the public, client, and management networks.

• If you specify a DNS server, vSphere Integrated Containers Engine uses the same DNS server setting for all three of the public, client, and management networks.
• If you do not specify a DNS server and you specify a static IP address for the VCH endpoint VM on all three of the client, public, and management networks, vSphere Integrated Containers Engine uses the Google public DNS service.
• If you do not specify a DNS server and you use DHCP for all of the client, public, and management networks, vSphere Integrated Containers Engine uses the DNS servers that DHCP provides.

Create VCH Wizard

Enter a comma-separated list of DNS server addresses in the DNS server text box, for example 192.168.10.10,192.168.10.11.

If you are using the Create Virtual Container Host wizard and you set a static IP address on the public network, you must configure a DNS server.

vic-machine Option

--dns-server, None

You can specify --dns-server multiple times, to configure multiple DNS servers.

--dns-server 192.168.10.10
--dns-server 192.168.10.11

What to Do Next

If you are using the Create Virtual Container Host wizard, the bridge network and the public network are the only networks that it is mandatory to configure.

• To configure advanced network settings, remain on the Configure Networks page, and see the following topics:
  • Configure the Client Network
  • Configure the Management Network
  • Configure VCHs to Use Proxy Servers
  • Configure Container Networks
• If you have finished configuring the network settings, click Next to configure VCH Security settings.

Example vic-machine Command

This example vic-machine create command deploys a VCH that

• Directs public network traffic to an existing network named vic-public.
• Sets two DNS servers.
• Sets a static IP address and gateway for the VCH endpoint VM on the public network.
• Does not specify either of the --management-network or --client-network options. Consequently, management and client traffic also routes over vic-public because those networks default to the public network setting if they are not set.

vic-machine-operating_system create
--target 'Administrator@vsphere.local':password@vcenter_server_address/dc1
--compute-resource cluster1
--image-store datastore1
--bridge-network vch1-bridge
--public-network vic-public
--public-network-ip 192.168.1.10/24
--public-network-gateway 192.168.1.1
--dns-server 192.168.10.10
--dns-server 192.168.10.11
--name vch1
--thumbprint certificate_thumbprint
--no-tlsverify