ESX Vsphere4 Subnet Routing +Vyatta

Hi Guys,

Well if you think I knew little about VMware switches/routing, I know even less about this one.......

Following on from my last posted Q I need to provide 'proof of concept' before I am allowed to purchase a proper switch!


My suggestion is to setup a software based router (Vyatta) in order to provide routing between the LAN and VM Network subnet (10.0.0.x and 10.0.2.x).

I have installed Vyatta in a VM but need to configure Vyatta to be a simple 'router', next question, how on earth do I do that?
"My test VM ( with (Vyatta ETH0) as the gateway can ping Vyatta ETH1 but cannot get any further"

It sounds like whatever you are trying to ping can't find its way back to the 10.0.2.x network. Put a machine on your 10.0.0.x network with a default gateway of (vyatta eth1) and see if you can ping that machine. Before all is said and done you will likely need to add a route to your sonicwall for the 10.0.2.x network through

It sounds like the vyatta is probably set up correctly. For your original network configure all hosts as follows:
IP address: 10.0.0.x

For all machines on your 10.0.2.x network as follows:
IP address: 10.0.2.x

For your sonicwall add a route:
Next Hop Address:
Metric: 1

Also looking at your screenshot above it appears that both of your NICs can see both networks - this is OK if you are trunking VLANs. Your ESX setup should be either:

vmnic1 -> vswitch1 -> portgroup for 10.0.0.x
vmnic2 -> vswitch2 -> portgroup for 10.0.2.x
This way if no VLANs are trunked


vmnic1 ->                           portgroup for 10.0.0.x
                   vswitch1 ->
vmnic2 ->                           portgroup for 10.0.2.x
This way if the nics are carrying trunks

Wanted to see the networking page to verify

Hmmm, take a look at and/or and/or the quick start guide from the vyatta site to get you started. It's been a while since I played with vyatta, but I seem to recall for your issue (learned from the previous linked question) it should be as simple as 1, 2, 3.

1. Connect two virtual NICs from your vyatta vm to the two networks to be routed and assign an IP address from each subnet to those interfaces.

2. Put a default route in the Vyatta pointing to your current default route for your LAN

3. Change all of your hosts and VMs to point their default route to the vyatta


(I could probably be more of a step-by-step help for m0n0wall.)

Good Luck
wlewis123Author Commented:
Hello again BG and thanks for your valuable input. I have all the Vyatta docs and have already tried to follow openmaniak's tutorials but my limited (ZERO!) exposure to setting up routers has left me in a quandary.

1, I had already anticipated this and the Vyatta VM has two NICs with IP addressing for each network (10.0.0.x & 10.0.2.x)
Q: I presume I need to have one NIC on the VM Network (10.0.2.x) and the other on my LAN (10.0.0.x)?

2, What 'route' does Vyatta need ? My best guess at the commands.....
set protocols static route x.x.x.x/x next-hop x.x.x.x

3, You may need to expand a little here; what, where and how? (Bill is now dribbling in a corner of the room).

Thanks, Bill.

I am not certain of vyatta syntax - been a while - but that looks close

set protocols static route next-hop x.x.x.x

should set a default route. Note that to implement a router in an environment that doesn't have one will involve changing the default gateway on all your hosts to point to the router...
And yes - you will need one vyatta nic on each network...
Disregard - just pulled down a copy of the quick start guide ( for 5.03 - not sure what version you are on but it should still be close:

Specify the default gateway
Add the default gateway using the set system gateway-address command.
vyatta@R1# set system gateway-address
vyatta@R1# commit
wlewis123Author Commented:
Hi BG,

I set up the Vyatta as suggested, I built a test VM (on the 10.0.0.x) LAN which works fine, can access the LAN and the internet (default gateway

What I cannot do is access (cannot ping) the test server or any other VMs, as if there is only a one-way route through Vyatta?


Remember when adding a router to the network for the first time you will have to change some things on existing hosts

vyatta should have default gateway of your firewall
Everything on should point gateway to vyatta
Everything on should point gateway to vyatta

After that is done then all the hosts should be able to talk to one another and to internet
wlewis123Author Commented:

Vyatta default gateway on Vyatta is which is the Sonicwall/Firewall (same as all PCs/servers on the LAN)

I do not have an issue with getting out, my test VM: (LAN IP), using Default Gateway: (Vyatta NIC2) works fine but I cannot ping or access 10.0.2.x from the 10.0.0.x network which is my original issue, no communication between the LAN and VM Network?

Should Vyatta have a 'fixed route' for this?

Cheers, Bill.
For a directly connected interface you shouldn't have to add a route. Try the command

show route

and see if it is identifying the 10.0.2.x network as connected to the proper ethx interface.

From a host on the 10.0.2.x network can you ping the vyatta? Does that host have its default gateway set to the vyatta?
Also - if I remember correctly you had your 10.0.2.x hosts dual-homed on both of your networks. For those hosts you will need to disable the network interface that is on the 10.0.0.x network, and again - set the default gateway to the 10.0.2.x vyatta address.

If still issues post screenshots of the networking page on your esx server, the edit settings screen from your vyatta vm, and the output from a show configuration command on the vyatta.
wlewis123Author Commented:
Well in to the night here (4:25am)...

Here are the ESX NICs....

wlewis123Author Commented:
Ignoring the Vyatta issue for a moment,

As both hosts (ESX1, ESX2) have these NICs, would that not cause the same issue we suspect that my Vcenter has caused, i.e. a NIC on each network?
If properly configured ESX can have nics in as many networks as is needed without causing any issues. It keeps the networks isolated from one another.

It was actually the previous page I was wanting to look at - the networking page that shows all of the vswitches, nics, and vm connections. Also the edit settings screen on the vyatta, and the vyatta configuration.
wlewis123Author Commented:

Hi BG,

Working offline from the VMsystem at this time so screen shots not available just now.

I have all physical and VM servers shutdown so there are just 2x ESX hosts, Vcenter, Vyatta and a test VM running, the gateway is up (10.0.0200).
I have removed the second NIC from Vcenter (10.0.0.x)

Vyatta configuration:

Vyatta@VR1:~$ show ip route foward
default via dev eth1 proto zebra dev eth1 proto kernel scope link src dev eth0 proto kernel scope link src

Show configuration

          gateway-address 100.0.200

From Vyatta I can ping anything on 10.0.2.x and 10.0.0.x

My test VM ( with (Vyatta ETH0) as the gateway can ping Vyatta ETH1 but cannot get any further.

From Vyatta I can ping out through the network gateway ( and ping back to the 10.0.2.x machines
wlewis123Author Commented:
Thanks BG, I will be looking at this over the weekend, Bill.
wlewis123Author Commented:
Hi BG, A Sunday afternoon well spent......

Added a route on the Sonicwall for the 10.0.2.x network, Gateway:
Set my test PC on the LAN to use as the Default gateway

The VCenter VM ( has Gateway of and functions fine, can ping anything, access LAN (10.0.0.x) & web.

So now we can connect to the Vcenter (from the LAN) using  (Hurrah!!!).

Let's hope this resolves the actual issue, running Visioncore against the servers in VM?

Thanks again BG for all your help.


Let's hope so too. Glad you got it going. I suspect there might be some different challenges when you go to replicate across the WAN though...
Question has a verified solution.
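
The return-path problem diagnosed in the accepted answer, as an added example that is not part of the original thread: a small longest-prefix-match simulation showing why the ping from the 10.0.2.x test VM dies until the Sonicwall gets a route for 10.0.2.x via the Vyatta. All host addresses and node names below are constructed assumptions, since the thread's real addresses were not preserved.

```python
import copy
import ipaddress

# Constructed addresses: the thread's real host addresses were not preserved.
OWNER = {"10.0.2.10": "test-vm", "10.0.2.1": "vyatta", "10.0.0.2": "vyatta",
         "10.0.0.10": "lan-pc", "10.0.0.254": "sonicwall", "wan": "internet"}
TABLES = {  # prefix -> next hop ("direct" = on a connected subnet)
    "test-vm":   {"10.0.2.0/24": "direct", "0.0.0.0/0": "10.0.2.1"},
    "lan-pc":    {"10.0.0.0/24": "direct", "0.0.0.0/0": "10.0.0.254"},
    "vyatta":    {"10.0.0.0/24": "direct", "10.0.2.0/24": "direct",
                  "0.0.0.0/0": "10.0.0.254"},
    "sonicwall": {"10.0.0.0/24": "direct", "0.0.0.0/0": "wan"},
    "internet":  {},  # private 10.x prefixes are not routed upstream
}

def next_hop(table, dst):
    """Longest-prefix match; returns the next hop or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    hits = [n for n in nets if addr in n]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def trace(tables, src, dst, max_hops=8):
    """Forward one packet hop by hop; returns (nodes visited, delivered?)."""
    node, path = OWNER[src], [OWNER[src]]
    while OWNER.get(dst) != node and len(path) <= max_hops:
        hop = next_hop(tables[node], dst)
        node = OWNER.get(dst if hop == "direct" else hop)
        if node is None:              # no route, or nobody owns that address
            return path, False
        path.append(node)
    return path, OWNER.get(dst) == node

def ping(tables, src, dst):
    """A ping succeeds only if the request AND the reply are both delivered."""
    out_path, out_ok = trace(tables, src, dst)
    back_path, back_ok = trace(tables, dst, src)
    return out_ok and back_ok, out_path, back_path

def with_sonicwall_route(tables):
    """The fix from the thread: route 10.0.2.x on the firewall via the Vyatta."""
    fixed = copy.deepcopy(tables)
    fixed["sonicwall"]["10.0.2.0/24"] = "10.0.0.2"
    return fixed

if __name__ == "__main__":
    for label, t in (("before", TABLES), ("after", with_sonicwall_route(TABLES))):
        ok, out_path, back_path = ping(t, "10.0.2.10", "10.0.0.10")
        print(label, "ok" if ok else "FAIL", out_path, back_path)
```

In the "before" run the request reaches the LAN PC but the reply follows the PC's default gateway to the firewall and is lost upstream, which is the one-way symptom described in the thread.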