Network Topology
I use pfSense as my firewall. I have created VLAN 200 with 192.168.200.0/22 for the lab network.
```text
Internet
    |
[pfSense Firewall/Router]
    |
    ├─ VLAN 100 (192.168.100.0/24) - Main Network
    |   ├─ Workstations
    |   ├─ General devices
    |   └─ pfSense Gateway: 192.168.100.1
    |
    └─ VLAN 200 (192.168.200.0/22) - VMware Lab Network
        ├─ 192.168.200.0/24 - Management + VM_Management
        ├─ 192.168.201.0/24 - vMotion
        ├─ 192.168.202.0/24 - vSAN
        ├─ 192.168.203.0/24 - NSX TEP
        └─ pfSense Gateway: 192.168.200.1/22 + IP Aliases
```

Subnet Allocation (VCF requirement)
VCF requires separate subnets for different traffic types:
| Subnet | Purpose | Gateway (Alias) |
|---|---|---|
| 192.168.200.0/24 | Management + VM_Management | 192.168.200.1 (primary) |
| 192.168.201.0/24 | vMotion | 192.168.201.1 (alias) |
| 192.168.202.0/24 | vSAN | 192.168.202.1 (alias) |
| 192.168.203.0/24 | NSX TEP | 192.168.203.1 (alias) |
Tip
Why /22? VCF validation requires unique subnets for each network type. A /22 encompasses four /24 subnets while remaining on the same Layer 2 broadcast domain (single VLAN).
How routing works with /22
With 192.168.200.1/22 as the primary IP:
- pfSense considers 192.168.200.0 - 192.168.203.255 as directly connected
- All four /24 subnets share the same Layer 2 (VLAN 200)
- No static routes needed - traffic stays on the same broadcast domain
- IP aliases allow pfSense to respond to gateway ARPs from each subnet
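
The following Python check is an added example, not part of the original post: it validates the addressing plan from the table above and shows who a sender ARPs for, which is why each /24 needs its own gateway alias. The `.10` host addresses and the assumption that lab hosts use a /24 mask are constructed for illustration.

```python
import ipaddress as ip

# Addressing plan copied from the page's table: subnet -> (purpose, gateway).
SUPERNET = ip.ip_network("192.168.200.0/22")
PLAN = {
    "192.168.200.0/24": ("Management + VM_Management", "192.168.200.1"),
    "192.168.201.0/24": ("vMotion", "192.168.201.1"),
    "192.168.202.0/24": ("vSAN", "192.168.202.1"),
    "192.168.203.0/24": ("NSX TEP", "192.168.203.1"),
}

def validate_plan(supernet, plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = [ip.ip_network(cidr) for cidr in plan]
    for net, (purpose, gw) in zip(nets, plan.values()):
        if not net.subnet_of(supernet):
            problems.append(f"{net} ({purpose}) is outside {supernet}")
        if ip.ip_address(gw) not in net:
            problems.append(f"gateway {gw} is not inside {net}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    # The /24s should tile the supernet exactly, leaving no unplanned range.
    if list(ip.collapse_addresses(nets)) != [supernet]:
        problems.append(f"subnets do not exactly cover {supernet}")
    return problems

def next_hop(src_iface, dst, plan):
    """Address the sender ARPs for: dst if on-link, else its subnet's gateway."""
    iface = ip.ip_interface(src_iface)
    dst = ip.ip_address(dst)
    if dst in iface.network:
        return str(dst)                       # on-link: ARP for the destination
    entry = plan.get(str(iface.network))      # off-link: use the planned gateway
    return entry[1] if entry else None

if __name__ == "__main__":
    print(validate_plan(SUPERNET, PLAN) or "plan OK")
    # Constructed sample hosts (.10 addresses and /24 host mask are assumptions).
    print(next_hop("192.168.201.10/24", "192.168.202.10", PLAN))  # host view
    print(next_hop("192.168.200.1/22", "192.168.202.10", PLAN))   # pfSense view
```

A host with a /24 mask resolves the alias `192.168.201.1` to leave its subnet, while pfSense with the /22 mask treats the same destination as directly connected.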