
# Networking Concepts

This guide provides a foundational introduction to VergeOS networking, helping beginners get familiar with its key concepts and features.

## VergeOS Networks

### Physical Network

A physical network is a representation of each isolated layer 2 connection. Physical networks are typically all configured during VergeOS install.

{% hint style="success" %}
**During install, the system automatically appends "Switch" to the end of the user-supplied name. For example, for the name "PXE", the system gives the physical network the name "PXE Switch".**
{% endhint %}

### Core Network

A virtual network, created automatically during the VergeOS installation/tenant creation, to handle all vSAN and internode communication. Core traffic is run across multiple (typically two) physical networks to provide redundancy.

### DMZ Networks

A virtual network, created automatically during the VergeOS installation/tenant creation, used as a connection point for all networks. Every VergeOS cloud has one DMZ network: there is a DMZ network at the physical host level, and each tenant additionally has one DMZ network. The DMZ allows all networks to communicate over layer 3.

### Internal Network

A virtual network originated within VergeOS (e.g. from the UI or via the VergeOS API). Any number of internal networks can be created, and each is default-secure when created. Network rules can be used to open up access between internal networks and through external networks, as needed.

### External Network

Corresponds to a network outside the VergeOS system: any pre-existing network that will be interfaced with VergeOS (e.g. company LAN, direct WAN connection, Wi-Fi network, etc.). A VergeOS system typically has at least one external network and can have multiple. External networks can be defined during or after VergeOS system installation/tenant creation.

A single system may have multiple external networks each with its own physical connection; additionally, multiple external networks can be associated with a single physical network connection, where each external network corresponds to one or more dedicated VLAN IDs.

### Maintenance Network

A special external network intended to handle IPMI or out-of-band management access to physical nodes and optional PXE boot. A maintenance network can be created during the initial installation on physical nodes or after installation.

## Tenant Networking

With each new tenant, a virtual network is automatically created to aggregate and encapsulate all of that tenant's traffic. From the tenant's perspective, this is their physical network. A tenant is then able to create a virtually unlimited number of virtual networks within their own environment.

A tenant is typically assigned one or more external IP addresses, and its traffic is routed through an external network on its host. Layer 2 external access can also be configured for a tenant (e.g. the tenant has its own dedicated WAN connection or a dedicated VLAN on the external connection).

## Traffic Flow

The KB article [Understanding Traffic Flow](/knowledge-base/networking/understanding-traffic-flow.md) provides diagrams depicting how network traffic moves through a VergeOS system.

## Layer 2/Layer 3 Support

Built-in Software Defined Networking (SDN) provides the ability to create/destroy virtual networks on-the-fly without hardware changes. Both Layer 3 and Layer 2 virtual networks are supported:

### Layer 3 Networks

Full network management, IP administration (DHCP, DNS, routing, firewall, etc.) available from within VergeOS.

### Layer 2 Networks

The network is managed up to layer 2 by VergeOS, with cross-node routing handled within the VergeOS DMZ network; IP-level administration is handled in third-party tools (e.g. virtual firewall/router appliance).

## Network Rules

Rules govern incoming and outgoing traffic to the network, replacing the traditional role of firewalls, routers and switches. Rules can be defined on all VergeOS networks, allowing more granular security.

* **Firewall** - accept, drop, or reject packets based on defined criteria
* **Routing** - direct traffic between VergeOS networks and out to external networks with defined static routes
* **NAT/PAT** - map external-internal/internal-internal IP addresses/ports (most often used to conserve external IP addresses)

More information about working with rules is available at: [**Network Rules**](/run-the-platform/networking/network-rules.md)

## Network Monitoring and Diagnostics

VergeOS provides several tools for monitoring and analyzing network traffic:

* [**Network Dashboards:**](/run-the-platform/networking/network-dashboards.md) Observe real-time and historical network activity within the VergeOS user interface
* [**Port Mirroring:**](/run-the-platform/networking/port-mirroring.md) Replicate a network's traffic to a VM NIC for comprehensive examination and analysis
* [**Track Network Statistics:**](/run-the-platform/networking/tracking-net-statistics.md) Obtain granular traffic analysis per individual network rule
* [**Network Diagnostics Tool:**](/run-the-platform/networking/network-diagnostics.md) Use the built-in, user-friendly interface on each network for convenient troubleshooting
* [**Subscriptions:**](/run-the-platform/system-administration/subscriptions-overview.md) Select Network-type subscriptions to create alerts and reports for your networks


