public ip of system vm and public ip of guest vm on same network segment overlaps

[Domenico De Monte]

Hello,
i added a zone with advanced network with following network 
configuration on CS 4.2 but i was not able to setup same IP class on 
public traffic ( of system vm ) and guest traffic ( of guest vm ).

Scenario
Servers with VMware ESXi 5.1 have multiple nic:

2 nic connected to physical internet switch ( vSwitch0 standard )

2 nic connected to physical private switch ( vSwitch1 standard )

On CS i create a zone with advanced network and 5 physical interface:
1 physical interface for Public traffic connected to vSwitch0 ( i think 
it's system vm public traffic ).
1 physical interface for Guest traffic connected to vSwitch0 ( i think 
it's guest vm public traffic ).
1 physical interface for Guest traffic connected to vSwitch1 ( i think 
it's guest vm lan traffic ).
1 physical interface for Storage traffic connected to vSwitch1 ( i am 
sure it's storage traffic for snapshot, deploy and so on ).
1 physical interface for Management traffic connected to vSwitch1 ( i am 
sure it's for system vm traffic and so on ).


I do not want use vlan and i read on ml that if i do not setup them, 
they are just ignore from CS.

Assuming that i have a public ip class like 1.2.3.0/24.

On public traffic ( system vm i think ) i setup a range like following ( 
example ):
gw: 1.2.3.1
netmask: 255.255.255.0
start ip: 1.2.3.21
end ip: 12.3.30


On guest traffic ( on vSwitch0 so guest public traffic ) i want setup a 
different range but in SAME subnet:
gw: 1.2.3.1
netmask: 255.255.255.0
start ip: 1.2.3.31
end ip: 1.2.3.128

I can not do this cause CS stop me, warning about netmask/gw overlaps.

So i came to 2 possible solution:

1) Do subnetting for network: 1.2.3.0/24 and assign a /29 to public 
traffic ( system vm ) and different /28 to guest traffic.
2) Assign to public traffic ( system vm ), private IPs that will be 
natted to my router, so i can assign all public IPs that i want to guest 
vm. Also here i am not sure if everything works after that.

So my questions are:

1) Why system vm should have internet connection ? They need to receive 
incoming connection or i can nat them in order to reduce public ip usage ?

2) There is no other solution ? Can i skip somehow CS warning about 
netmask/gw overlap ?


Waiting for your reply


Best regards