Capabilities

  • Virtual Private Clouds (VPCs): Organizations can create one or more VPCs within their tenant. Each VPC operates in an isolated network space with its own CIDR range, enabling the reuse of CIDR blocks across different tenants or VPCs without conflict. Isolation is enforced through a dedicated VRF for each VPC.

  • Subnets: Subnets can be defined within a VPC to support logical network segmentation. Each subnet is mapped to a specific VLAN ID on the underlying infrastructure, providing traffic isolation and improved IP address management.

  • Source NAT Rules: Outbound traffic from a VPC is routed through a tenant-specific IP gateway using Source Network Address Translation.

  • Destination NAT Rules: Inbound traffic can be controlled using Destination NAT rules to expose selected resources to external systems.

This network model provides a flexible, secure foundation for hosting virtual machines in isolated environments, supporting both development and production workloads.
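
The isolation properties in the capabilities list can be checked against a planned layout before it is provisioned. The following Python script is an added example, not the platform's own code or API: the plan format, names and addresses are constructed, and the rule that a VLAN ID is not shared between subnets is an assumption about the underlying infrastructure.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (hypothetical format): subnet -> (CIDR, VLAN ID),
# DNAT rule -> (external IP, external port, internal IP, internal port).
PLAN = {
    "vpc-dev": {
        "cidr": "10.0.0.0/16",
        "subnets": {"web": ("10.0.1.0/24", 101), "db": ("10.0.2.0/24", 102)},
        "dnat": [("203.0.113.10", 443, "10.0.1.20", 8443)],
    },
    "vpc-prod": {
        "cidr": "10.0.0.0/16",  # same CIDR as vpc-dev: fine, each VPC has its own VRF
        "subnets": {"web": ("10.0.1.0/24", 201), "batch": ("10.0.1.128/25", 101),
                    "mgmt": ("10.1.0.0/24", 4095)},
        "dnat": [("203.0.113.11", 22, "10.0.9.5", 22)],
    },
}

def audit(plan):
    """Return a sorted list of findings for a tenant's VPC plan."""
    findings, vlan_owner = [], {}
    for vpc, cfg in plan.items():
        vpc_net = ipaddress.ip_network(cfg["cidr"])
        nets = {}
        for name, (cidr, vlan) in cfg["subnets"].items():
            net = nets[name] = ipaddress.ip_network(cidr)
            if not net.subnet_of(vpc_net):
                findings.append(f"{vpc}/{name}: {cidr} outside VPC CIDR {vpc_net}")
            if not 1 <= vlan <= 4094:  # 0 and 4095 are reserved in 802.1Q
                findings.append(f"{vpc}/{name}: VLAN {vlan} is not a usable 802.1Q ID")
            elif vlan in vlan_owner:   # assumed policy: one VLAN ID per subnet
                findings.append(f"{vpc}/{name}: VLAN {vlan} already used by {vlan_owner[vlan]}")
            else:
                vlan_owner[vlan] = f"{vpc}/{name}"
        # Overlap only matters inside one VPC; across VPCs the VRF keeps routes apart.
        for (a, na), (b, nb) in combinations(nets.items(), 2):
            if na.overlaps(nb):
                findings.append(f"{vpc}: subnets {a} and {b} overlap")
        # A DNAT rule should expose a resource that lives in a defined subnet.
        for ext_ip, ext_port, int_ip, int_port in cfg["dnat"]:
            target = ipaddress.ip_address(int_ip)
            if not any(target in n for n in nets.values()):
                findings.append(f"{vpc}: DNAT {ext_ip}:{ext_port} -> "
                                f"{int_ip}:{int_port} targets no defined subnet")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(PLAN)))
```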