Solved

ESX Vsphere4 Subnet Routing +Vyatta

Posted on 2010-11-16
Last Modified: 2012-05-10
Hi Guys,

Well if you think I knew little about VMware switches/routing, I know even less about this one.......

Following on from my last posted Q I need to provide 'proof of concept' before I am allowed to purchase a proper switch!

( http://www.experts-exchange.com/Software/Virtualization/Q_26572734.html )

My suggestion is to set up a software-based router (Vyatta) in order to provide routing between the LAN and VM Network subnet (10.0.0.x and 10.0.2.x).

I have installed Vyatta in a VM but need to configure Vyatta to be a simple 'router', next question, how on earth do I do that?
Question by:wlewis123
18 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 34155521
Hmmm, take a look at http://openmaniak.com/vyatta_tutorial.php and/or http://www.vyatta.org/documentation/tips-tricks and/or the quick start guide from the vyatta site to get you started. It's been a while since I played with vyatta, but I seem to recall for your issue (learned from the previous linked question) it should be as simple as 1, 2, 3.

1. Connect two virtual NICs from your vyatta vm to the two networks to be routed and assign an IP address from each subnet to those interfaces.

2. Put a default route in the Vyatta pointing to your current default route for your LAN

3. Change all of your hosts and VMs to point their default route to the vyatta

done....

(I could probably be more of a step-by-step help for m0n0wall (http://m0n0.ch).)

Good Luck
0
 

Author Comment

by:wlewis123
ID: 34161168
Hello again BG and thanks for your valuable input. I have all the Vyatta docs and have already tried to follow openmaniak's tutorials but my limited (ZERO!) exposure to setting up routers has left me in a quandary.

1, I had already anticipated this and the Vyatta VM has two NICs with IP addressing for each network (10.0.0.x & 10.0.2.x)
Q: I presume I need to have one NIC on the VM Network (10.0.2.x) and the other on my LAN (10.0.0.x)?

2, What 'route' does Vyatta need ? My best guess at the commands.....
configure
set protocols static route x.x.x.x/x next-hop x.x.x.x
commit
save
exit

3, You may need to expand a little here; what, where and how? (Bill is now dribbling in a corner of the room).

Thanks, Bill.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34161227
I am not certain of vyatta syntax - been a while - but that looks close

set protocols static route 0.0.0.0/0 next-hop x.x.x.x

should set a default route. Note that to implement a router in an environment that doesn't have one will involve changing the default gateway on all your hosts to point to the router...
0

 
LVL 28

Expert Comment

by:bgoering
ID: 34161233
And yes - you will need one vyatta nic on each network...
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34161245
Disregard - just pulled down a copy of the quick start guide (http://www.vyatta.com/downloads/documentation/VC5.0.2/Vyatta_QuickStart_VC5_v03.pdf) for 5.03 - not sure what version you are on but it should still be close:

Specify the default gateway
Add the default gateway using the set system gateway-address command.
vyatta@R1# set system gateway-address 192.0.2.99
[edit]
vyatta@R1# commit
[edit]
vyatta@R1#
0
 

Author Comment

by:wlewis123
ID: 34167661
Hi BG,

I set up the Vyatta as suggested, I built a test VM (on the 10.0.0.x LAN) which works fine, can access the LAN and the internet (default gateway 10.0.0.200).

What I cannot do is access (cannot ping) the test server or any other VMs, as if there is only a one-way route through Vyatta?

Cheers,

Bill.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34169051
Remember when adding a router to the network for the first time you will have to change some things on existing hosts

vyatta should have default gateway of your firewall
Everything on 10.0.0.0/24 should point gateway to vyatta
Everything on 10.0.2.0/24 should point gateway to vyatta

After that is done then all the hosts should be able to talk to one another and to internet
0
 

Author Comment

by:wlewis123
ID: 34170056
Hi BG,

Vyatta default gateway on Vyatta is 10.0.0.200 which is the Sonicwall/Firewall (same as all PCs/servers on the LAN)

I do not have an issue with getting out, my test VM: 10.0.0.241 (LAN IP), using Default Gateway: 10.0.0.225 (Vyatta NIC2) works fine but I cannot ping or access 10.0.2.x from the 10.0.0.x network which is my original issue, no communication between the LAN and VM Network?

Should Vyatta have a 'fixed route' for this?

Cheers, Bill.
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34170114
For a directly connected interface you shouldn't have to add a route. Try the command

show route

and see if it is identifying the 10.0.2.x network as connected to the proper ethx interface.

From a host on the 10.0.2.x network can you ping the vyatta? Does that host have its default gateway set to the vyatta?
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34170178
Also - if I remember correctly you had your 10.0.2.x hosts dual-homed on both of your networks. For those hosts you will need to disable the network interface that is on the 10.0.0.x network, and again - set the default gateway to the 10.0.2.x vyatta address.

If there are still issues, post screenshots of the networking page on your esx server, the edit settings screen from your vyatta vm, and the output from a show configuration command on the vyatta.
0
 

Author Comment

by:wlewis123
ID: 34170386
Well in to the night here (4:25am)...

Here are the ESX NICs....

[Screenshot: ESX NICs]
0
 

Author Comment

by:wlewis123
ID: 34170390
Ignoring the Vyatta issue for a moment,

As both hosts (ESX1, ESX2) have these NICs, would that not cause the same issue we suspect that my Vcenter has caused, i.e. a NIC on each network?
0
 
LVL 28

Expert Comment

by:bgoering
ID: 34172430
If properly configured ESX can have nics in as many networks as is needed without causing any issues. It keeps the networks isolated from one another.

It was actually the previous page I was wanting to look at - the networking page that shows all of the vswitches, nics, and vm connections. Also the edit settings screen on the vyatta, and the vyatta configuration.
0
 

Author Comment

by:wlewis123
ID: 34184582

Hi BG,

Working offline from the VMsystem at this time so screen shots not available just now.

I have all physical and VM servers shutdown so there are just 2x ESX hosts, Vcenter, Vyatta and a test VM running, the gateway is up (10.0.0200).
I have removed the second NIC from Vcenter (10.0.0.x)

Vyatta configuration:

Vyatta@VR1:~$ show ip route forward
default via 10.0.0.200 dev eth1 proto zebra
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.225
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.222

Show configuration
protocols
       static
               route 0.0.0.0/0
                      next-hop 10.0.0.200

system
          gateway-address 100.0.200
          name-server 10.0.0.100

From Vyatta I can ping anything on 10.0.2.x and 10.0.0.x

My test VM (10.0.2.51) with 10.0.2.222 (Vyatta ETH0) as the gateway can ping Vyatta ETH1 10.0.0.225 but cannot get any further.

From Vyatta I can ping out through the network gateway (10.0.0.200) and ping back to the 10.0.2.x machines
0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 34184805
"My test VM (10.0.2.51) with 10.0.2.222 (Vyatta ETH0) as the gateway can ping Vyatta ETH1 10.0.0.225 but cannot get any further"

It sounds like whatever you are trying to ping can't find its way back to the 10.0.2.x network. Put a machine on your 10.0.0.x network with a default gateway of 10.0.0.225 (vyatta eth1) and see if you can ping that machine. Before all is said and done you will likely need to add a route to your sonicwall for the 10.0.2.x network through 10.0.0.225.

It sounds like the vyatta is probably set up correctly. For your original network configure all hosts as follows:
IP address: 10.0.0.x
Mask 255.255.255.0
Gateway 10.0.0.225

For all machines on your 10.0.2.x network as follows:
IP address: 10.0.2.x
Mask 255.255.255.0
Gateway 10.0.2.222

For your sonicwall add a route:
Destination 10.0.2.0/24
Next Hop Address: 10.0.0.225
Metric: 1

Also looking at your screenshot above it appears that both of your NICs can see both networks - this is ok if you are trunking VLANs. Your ESX setup should be either:

vmnic1 -> vswitch1 -> portgroup for 10.0.0.x
vmnic2 -> vswitch2 -> portgroup for 10.0.2.x
This way if no VLANs are trunked

OR

vmnic1 ->                           portgroup for 10.0.0.x
                   vswitch1 ->
vmnic2 ->                           portgroup for 10.0.2.x
This way if the nics are carrying trunks

Wanted to see the networking page to verify


0
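
The missing return path described in the accepted answer can be reproduced with a small routing-table model. This is an added example, not part of the original thread: it traces a ping from the test VM (10.0.2.51) to a LAN host in both directions using the addresses posted above. The node names, the "WAN" placeholder for the Sonicwall's upstream, and the choice of 10.0.0.241 as the LAN host are assumptions.

```python
import ipaddress as ipa

def next_hop(routes, dst):
    """Longest-prefix match. Returns the gateway, or None if dst is on-link."""
    hits = [(ipa.ip_network(p), gw) for p, gw in routes
            if ipa.ip_address(dst) in ipa.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def build(lan_gw, sonicwall_route):
    """Model of the thread's network: name -> (own addresses, routing table)."""
    fw = [("10.0.0.0/24", None), ("0.0.0.0/0", "WAN")]   # "WAN" = upstream placeholder
    if sonicwall_route:
        fw.append(("10.0.2.0/24", "10.0.0.225"))          # route from the accepted answer
    return {
        "testvm": ({"10.0.2.51"},
                   [("10.0.2.0/24", None), ("0.0.0.0/0", "10.0.2.222")]),
        "vyatta": ({"10.0.2.222", "10.0.0.225"},
                   [("10.0.2.0/24", None), ("10.0.0.0/24", None),
                    ("0.0.0.0/0", "10.0.0.200")]),
        "sonicwall": ({"10.0.0.200"}, fw),
        "lanhost": ({"10.0.0.241"},
                    [("10.0.0.0/24", None), ("0.0.0.0/0", lan_gw)]),
    }

def trace(nodes, src, dst):
    """Follow one packet hop by hop and return the node names it visits."""
    owner = {a: n for n, (addrs, _) in nodes.items() for a in addrs}
    here = owner[src]
    path = [here]
    for _ in range(8):                                    # hop limit, like a TTL
        if dst in nodes[here][0]:
            return path                                   # delivered
        hop = next_hop(nodes[here][1], dst) or dst        # None means deliver on-link
        if hop not in owner:
            return path + ["LOST via " + hop]
        here = owner[hop]
        path.append(here)
    return path + ["LOOP"]

def ping(nodes, src, dst):
    """A ping succeeds only if the request AND the reply are both delivered."""
    out, back = trace(nodes, src, dst), trace(nodes, dst, src)
    return all(p[-1] in nodes for p in (out, back)), out, back

if __name__ == "__main__":
    for gw, fw_route in (("10.0.0.200", False), ("10.0.0.200", True), ("10.0.0.225", False)):
        ok, out, back = ping(build(gw, fw_route), "10.0.2.51", "10.0.0.241")
        print(f"LAN gw={gw} sonicwall_route={fw_route}: ok={ok}\n  out={out}\n  back={back}")
```

With the LAN host still pointing at 10.0.0.200 and no 10.0.2.0/24 route on the Sonicwall, the request arrives but the reply leaves via the firewall's default route; either fix from the accepted answer closes the loop.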
 

Author Comment

by:wlewis123
ID: 34217527
Thanks BG, I will be looking at this over the weekend, Bill.
0
 

Author Comment

by:wlewis123
ID: 34226393
Hi BG, A Sunday afternoon well spent......

Added a route on the Sonicwall for the 10.0.2.x network, Gateway: 10.0.0.225
Set my test PC on the LAN to use 10.0.0.225 as the Default gateway

The VCenter VM (10.0.2.5) has Gateway of 10.0.2.222 and functions fine, can ping anything, access LAN (10.0.0.x) & web.

So now we can connect to the Vcenter (from the LAN) using 10.0.2.5  (Hurrah!!!).

Let's hope this resolves the actual issue, running Visioncore against the servers in VM?

Thanks again BG for all your help.

Bill.

0
 
LVL 28

Expert Comment

by:bgoering
ID: 34226408
Let's hope so too. Glad you got it going. I suspect there might be some different challenges when you go to replicate across the WAN though...
0
