• Status: Solved
  • Priority: Medium
  • Security: Public

ESX Vsphere4 Subnet Routing +Vyatta

Hi Guys,

Well if you think I knew little about VMware switches/routing, I know even less about this one.......

Following on from my last posted Q I need to provide 'proof of concept' before I am allowed to purchase a proper switch!

( http://www.experts-exchange.com/Software/Virtualization/Q_26572734.html )

My suggestion is to setup a software based router (Vyatta) in order to provide routing between the LAN and VM Network subnet (10.0.0.x and 10.0.2.x).

I have installed Vyatta in a VM but need to configure Vyatta to be a simple 'router', next question, how on earth do I do that?
Asked by: wlewis123

bgoering Commented:
Hmmm, take a look at http://openmaniak.com/vyatta_tutorial.php and/or http://www.vyatta.org/documentation/tips-tricks and/or the quick start guide from the vyatta site to get you started. It's been a while since I played with vyatta, but I seem to recall for your issue (learned from the previous linked question) it should be as simple as 1, 2, 3.

1. Connect two virtual NICs from your vyatta vm to the two networks to be routed and assign an IP address from each subnet to those interfaces.

2. Put a default route in the Vyatta pointing to your current default route for your LAN

3. Change all of your hosts and VMs to point their default route to the vyatta

done....

(I could probably be more of a step by step help for m0n0wall (http://m0n0.ch))

Good Luck

wlewis123 (Author) Commented:
Hello again BG and Thanks for your valuable input. I have all the Vyatta docs and have already tried to follow openmaniak's tutorials but my limited (ZERO!) exposure to setting up routers has left me in a quandary.

1, I had already anticipated this and the Vyatta VM has two NICs with IP addressing for each network (10.0.0.x & 10.0.2.x)
Q: I presume I need to have one NIC on the VM Network (10.0.2.x) and the other on my LAN (10.0.0.x)?

2, What 'route' does Vyatta need ? My best guess at the commands.....
configure
set protocols static route x.x.x.x/x next-hop x.x.x.x
commit
save
exit

3, You may need to expand a little here; what, where and how? (Bill is now dribbling in a corner of the room).

Thanks, Bill.

bgoering Commented:
I am not certain of vyatta syntax - been a while - but that looks close

set protocols static route 0.0.0.0/0 next-hop x.x.x.x

should set a default route. Note that to implement a router in an environment that doesn't have one will involve changing the default gateway on all your hosts to point to the router...
 
bgoering Commented:
And yes - you will need one vyatta nic on each network...

bgoering Commented:
Disregard - just pulled down a copy of the quick start guide (http://www.vyatta.com/downloads/documentation/VC5.0.2/Vyatta_QuickStart_VC5_v03.pdf) for 5.03 - not sure what version you are on but it should still be close:

Specify the default gateway
Add the default gateway using the set system gateway-address command.
vyatta@R1# set system gateway-address 192.0.2.99
[edit]
vyatta@R1# commit
[edit]
vyatta@R1#

wlewis123 (Author) Commented:
Hi BG,

I set up the Vyatta as suggested, I built a test VM (on the 10.0.0.x) LAN which works fine, can access the LAN and the internet (default gateway 10.0.0.200).

What I cannot do is access (cannot ping) the test server or any other VMs, as if there is only a one way route through Vyatta?

Cheers,

Bill.

bgoering Commented:
Remember when adding a router to the network for the first time you will have to change some things on existing hosts

vyatta should have default gateway of your firewall
Everything on 10.0.0.0/24 should point gateway to vyatta
Everything on 10.0.2.0/24 should point gateway to vyatta

After that is done then all the hosts should be able to talk to one another and to internet

wlewis123 (Author) Commented:
Hi BG,

Vyatta default gateway on Vyatta is 10.0.0.200 which is the Sonicwall/Firewall (same as all PCs/servers on the LAN)

I do not have an issue with getting out, my test VM: 10.0.0.241 (LAN IP), using Default Gateway: 10.0.0.225 (Vyatta NIC2) works fine but I cannot ping or access 10.0.2.x from the 10.0.0.x network which is my original issue, no communication between the LAN and VM Network?

Should Vyatta have a 'fixed route' for this?

Cheers, Bill.

bgoering Commented:
For a directly connected interface you shouldn't have to add a route. Try the command

show route

and see if it is identifying the 10.0.2.x network as connected to the proper ethx interface.

From a host on the 10.0.2.x network can you ping the vyatta? Does that host have its default gateway set to the vyatta?

bgoering Commented:
Also - if I remember correctly you had your 10.0.2.x hosts dual-homed on both of your networks. For those hosts you will need to disable the network interface that is on the 10.0.0.x network, and again - set the default gateway to the 10.0.2.x vyatta address.

If still issues post screenshots of the networking page on your esx server, the edit settings screen from your vyatta vm, and the output from a show configuration command on the vyatta.

wlewis123 (Author) Commented:
Well in to the night here (4:25am)...

Here are the ESX NICs....

[Screenshot: ESX NICs]

wlewis123 (Author) Commented:
Ignoring the Vyatta issue for a moment,

As both hosts (ESX1, ESX2) have these NICs, would that not cause the same issue we suspect that my Vcenter has caused, i.e. a NIC on each network?

bgoering Commented:
If properly configured ESX can have nics in as many networks as is needed without causing any issues. It keeps the networks isolated from one another.

It was actually the previous page I was wanting to look at - the networking page that shows all of the vswitches, nics, and vm connections. Also the edit settings screen on the vyatta, and the vyatta configuration.

wlewis123 (Author) Commented:
Hi BG,

Working offline from the VMsystem at this time so screen shots not available just now.

I have all physical and VM servers shut down so there are just 2x ESX hosts, Vcenter, Vyatta and a test VM running, the gateway is up (10.0.0.200).
I have removed the second NIC from Vcenter (10.0.0.x)

Vyatta configuration:

Vyatta@VR1:~$ show ip route forward
default via 10.0.0.200 dev eth1 proto zebra
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.225
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.222

Show configuration
protocols
       static
               route 0.0.0.0/0
                      next-hop 10.0.0.200

system
          gateway-address 10.0.0.200
          name-server 10.0.0.100

From Vyatta I can ping anything on 10.0.2.x and 10.0.0.x

My test VM (10.0.2.51) with 10.0.2.222 (Vyatta ETH0) as the gateway can ping Vyatta ETH1 10.0.0.225 but cannot get any further.

From Vyatta I can ping out through the network gateway (10.0.0.200) and ping back to the 10.0.2.x machines

bgoering Commented:
"My test VM (10.0.2.51) with 10.0.2.222 (Vyatta ETH0) as the gateway can ping Vyatta ETH1 10.0.0.225 but cannot get any further"

It sounds like whatever you are trying to ping can't find its way back to the 10.0.2.x network. Put a machine on your 10.0.0.x network with a default gateway of 10.0.0.225 (vyatta eth1) and see if you can ping that machine. Before all is said and done you will likely need to add a route to your sonicwall for the 10.0.2.x network through 10.0.0.225.

It sounds like the vyatta is probably set up correctly. For your original network configure all hosts as follows:
IP address: 10.0.0.x
Mask 255.255.255.0
Gateway 10.0.0.225

For all machines on your 10.0.2.x network as follows:
IP address: 10.0.2.x
Mask 255.255.255.0
Gateway 10.0.2.222

For your sonicwall add a route:
Destination 10.0.2.0/24
Next Hop Address: 10.0.0.225
Metric: 1

Also looking at your screenshot above it appears that both of your NICs can see both networks - this is OK if you are trunking VLANs. Your ESX setup should be either:

vmnic1 -> vswitch1 -> portgroup for 10.0.0.x
vmnic2 -> vswitch2 -> portgroup for 10.0.2.x
This way if no VLANs are trunked

OR

vmnic1 ->                           portgroup for 10.0.0.x
                   vswitch1 ->
vmnic2 ->                           portgroup for 10.0.2.x
This way if the nics are carrying trunks

Wanted to see the networking page to verify
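
Added example (not part of the original thread or of bgoering's post): a small Python model of the routing tables described above, showing why the ping fails until the reply has a route back to 10.0.2.0/24. The addresses 10.0.2.51, 10.0.2.222, 10.0.0.225 and 10.0.0.200 come from the thread; the LAN PC 10.0.0.50 and the Sonicwall's WAN next hop 203.0.113.1 are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match. Returns a gateway IP, "direct" for on-link, or None."""
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, src, dst, max_hops=8):
    """Follow one packet from src to dst; returns (delivered, [node names visited])."""
    owner = {ip: name for name, n in nodes.items() for ip in n["addrs"]}
    node, path = owner[src], []
    while node is not None and len(path) < max_hops:
        path.append(node)
        if dst in nodes[node]["addrs"]:
            return True, path
        hop = next_hop(nodes[node]["routes"], dst)
        if hop is None:
            break
        node = owner.get(dst if hop == "direct" else hop)  # None: left the modelled network
    return False, path

def ping(nodes, src, dst):
    """A ping succeeds only if the request AND the reply are both delivered."""
    return trace(nodes, src, dst)[0] and trace(nodes, dst, src)[0]

def build(lan_gateway, sonicwall_knows_vm_net):
    """Topology from the thread. 10.0.0.50 and the WAN next hop 203.0.113.1 are constructed."""
    fw = [("10.0.0.0/24", "direct"), ("0.0.0.0/0", "203.0.113.1")]
    if sonicwall_knows_vm_net:
        fw.append(("10.0.2.0/24", "10.0.0.225"))  # the static route added on the Sonicwall
    return {
        "test-vm": {"addrs": ["10.0.2.51"],
                    "routes": [("10.0.2.0/24", "direct"), ("0.0.0.0/0", "10.0.2.222")]},
        "vyatta": {"addrs": ["10.0.2.222", "10.0.0.225"],
                   "routes": [("10.0.2.0/24", "direct"), ("10.0.0.0/24", "direct"),
                              ("0.0.0.0/0", "10.0.0.200")]},
        "lan-pc": {"addrs": ["10.0.0.50"],
                   "routes": [("10.0.0.0/24", "direct"), ("0.0.0.0/0", lan_gateway)]},
        "sonicwall": {"addrs": ["10.0.0.200"], "routes": fw},
    }

if __name__ == "__main__":
    for gw, fw_route in [("10.0.0.200", False), ("10.0.0.200", True), ("10.0.0.225", False)]:
        net = build(gw, fw_route)
        print(gw, fw_route, ping(net, "10.0.2.51", "10.0.0.50"),
              trace(net, "10.0.0.50", "10.0.2.51"))
```

In the first case the request reaches the LAN PC but the reply is handed to the Sonicwall, which sends it out its default route; either the Sonicwall static route or pointing the LAN host at 10.0.0.225 closes the return path.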



wlewis123 (Author) Commented:
Thanks BG, I will be looking at this over the weekend, Bill.

wlewis123 (Author) Commented:
Hi BG, A Sunday afternoon well spent......

Added a route on the Sonicwall for the 10.0.2.x network, Gateway: 10.0.0.225
Set my test PC on the LAN to use 10.0.0.225 as the Default gateway

The VCenter VM (10.0.2.5) has Gateway of 10.0.2.222 and functions fine, can ping anything, access LAN (10.0.0.x) & web.

So now we can connect to the Vcenter (from the LAN) using 10.0.2.5  (Hurrah!!!).

Let's hope this resolves the actual issue, running Vizioncore against the servers in VM?

Thanks again BG for all your help.

Bill.


bgoering Commented:
Let's hope so too. Glad you got it going. I suspect there might be some different challenges when you go to replicate across the WAN though...