Solved

ESX Vsphere4 Subnet Routing +Vyatta

Posted on 2010-11-16
1,337 Views
Last Modified: 2012-05-10
Hi Guys,

Well if you think I knew little about VMware switches/routing, I know even less about this one.......

Following on from my last posted Q I need to provide 'proof of concept' before I am allowed to purchase a proper switch!

( http://www.experts-exchange.com/Software/Virtualization/Q_26572734.html )

My suggestion is to setup a software based router (Vyatta) in order to provide routing between the LAN and VM Network subnet (10.0.0.x and 10.0.2.x).

I have installed Vyatta in a VM but need to configure Vyatta to be a simple 'router'. Next question: how on earth do I do that?
Question by:wlewis123

18 Comments
 
LVL 28

Expert Comment

by:bgoering
Hmmm, take a look at http://openmaniak.com/vyatta_tutorial.php and/or http://www.vyatta.org/documentation/tips-tricks and/or the quick start guide from the vyatta site to get you started. It's been a while since I played with vyatta, but I seem to recall for your issue (learned from the previous linked question) it should be as simple as 1, 2, 3.

1. Connect two virtual NICs from your vyatta vm to the two networks to be routed and assign an IP address from each subnet to those interfaces.

2. Put a default route in the Vyatta pointing to your current default route for your LAN

3. Change all of your hosts and VMs to point their default route to the vyatta

done....

(I could probably be more of a step-by-step help for m0n0wall (http://m0n0.ch).)

Good Luck
0
 

Author Comment

by:wlewis123
Hello again BG and thanks for your valuable input. I have all the Vyatta docs and have already tried to follow openmaniak's tutorials, but my limited (ZERO!) exposure to setting up routers has left me in a quandary.

1, I had already anticipated this and the Vyatta VM has two NICs with IP addressing for each network (10.0.0.x & 10.0.2.x)
Q: I presume I need to have one NIC on the VM Network (10.0.2.x) and the other on my LAN (10.0.0.x)?

2, What 'route' does Vyatta need ? My best guess at the commands.....
configure
set protocols static route x.x.x.x/x next-hop x.x.x.x
commit
save
exit

3, You may need to expand a little here; what, where and how? (Bill is now dribbling in a corner of the room).

Thanks, Bill.
0
 
LVL 28

Expert Comment

by:bgoering
I am not certain of vyatta syntax - been a while - but that looks close

set protocols static route 0.0.0.0/0 next-hop x.x.x.x

should set a default route. Note that to implement a router in an environment that doesn't have one will involve changing the default gateway on all your hosts to point to the router...
0
 
LVL 28

Expert Comment

by:bgoering
And yes - you will need one vyatta nic on each network...
0
 
LVL 28

Expert Comment

by:bgoering
Disregard - just pulled down a copy of the quick start guide (http://www.vyatta.com/downloads/documentation/VC5.0.2/Vyatta_QuickStart_VC5_v03.pdf) for 5.03 - not sure what version you are on but it should still be close:

Specify the default gateway
Add the default gateway using the set system gateway-address command.
vyatta@R1# set system gateway-address 192.0.2.99
[edit]
vyatta@R1# commit
[edit]
vyatta@R1#
0
 

Author Comment

by:wlewis123
Hi BG,

I set up the Vyatta as suggested. I built a test VM (on the 10.0.0.x LAN) which works fine, can access the LAN and the internet (default gateway 10.0.0.200).

What I cannot do is access (cannot ping) the test server or any other VMs, as if there is only a one-way route through Vyatta?

Cheers,

Bill.
0
 
LVL 28

Expert Comment

by:bgoering
Remember when adding a router to the network for the first time you will have to change some things on existing hosts

vyatta should have default gateway of your firewall
Everything on 10.0.0.0/24 should point gateway to vyatta
Everything on 10.0.2.0/24 should point gateway to vyatta

After that is done then all the hosts should be able to talk to one another and to internet
0
 

Author Comment

by:wlewis123
Hi BG,

Vyatta default gateway on Vyatta is 10.0.0.200 which is the Sonicwall/Firewall (same as all PCs/servers on the LAN)

I do not have an issue with getting out, my test VM: 10.0.0.241 (LAN IP), using Default Gateway: 10.0.0.225 (Vyatta NIC2) works fine but I cannot ping or access 10.0.2.x from the 10.0.0.x network which is my original issue, no communication between the LAN and VM Network?

Should Vyatta have a 'fixed route' for this?

Cheers, Bill.
0
 
LVL 28

Expert Comment

by:bgoering
For a directly connected interface you shouldn't have to add a route. Try the command

show route

and see if it is identifying the 10.0.2.x network as connected to the proper ethx interface.

From a host on the 10.0.2.x network can you ping the vyatta? Does that host have its default gateway set to the vyatta?
0
 
LVL 28

Expert Comment

by:bgoering
Also - if I remember correctly you had your 10.0.2.x hosts dual-homed on both of your networks. For those hosts you will need to disable the network interface that is on the 10.0.0.x network, and again - set the default gateway to the 10.0.2.x vyatta address.

If there are still issues, post screenshots of the networking page on your esx server, the edit settings screen from your vyatta vm, and the output from a show configuration command on the vyatta.
0
 

Author Comment

by:wlewis123
Well in to the night here (4:25am)...

Here are the ESX NICs....

[Screenshot: ESX NICs]
0
 

Author Comment

by:wlewis123
Ignoring the Vyatta issue for a moment,

As both hosts (ESX1, ESX2) have these NICs, would that not cause the same issue we suspect that my Vcenter has caused, i.e. a NIC on each network?
0
 
LVL 28

Expert Comment

by:bgoering
If properly configured ESX can have nics in as many networks as is needed without causing any issues. It keeps the networks isolated from one another.

It was actually the previous page I was wanting to look at - the networking page that shows all of the vswitches, nics, and vm connections. Also the edit settings screen on the vyatta, and the vyatta configuration.
0
 

Author Comment

by:wlewis123

Hi BG,

Working offline from the VM system at this time so screenshots are not available just now.

I have all physical and VM servers shut down so there are just 2x ESX hosts, Vcenter, Vyatta and a test VM running; the gateway is up (10.0.0.200).
I have removed the second NIC from Vcenter (10.0.0.x)

Vyatta configuration:

Vyatta@VR1:~$ show ip route foward
default via 10.0.0.200 dev eth1 proto zebra
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.225
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.222

Show configuration
protocols
       static
               route 0.0.0.0/0
                      next-hop 10.0.0.200

system
          gateway-address 100.0.200
          name-server 10.0.0.100

From Vyatta I can ping anything on 10.0.2.x and 10.0.0.x

My test VM (10.0.2.51) with 10.0.2.222 (Vyatta ETH0) as the gateway can ping Vyatta ETH1 10.0.0.225 but cannot get any further.

From Vyatta I can ping out through the network gateway (10.0.0.200) and ping back to the 10.0.2.x machines
0
 
LVL 28

Accepted Solution

by:bgoering (earned 500 total points)
"My test VM (10.0.2.51) with 10.0.2.222 (Vyatta ETH0) as the gateway can ping Vyatta ETH1 10.0.0.225 but cannot get any further"

It sounds like whatever you are trying to ping can't find its way back to the 10.0.2.x network. Put a machine on your 10.0.0.x network with a default gateway of 10.0.0.225 (vyatta eth1) and see if you can ping that machine. Before all is said and done you will likely need to add a route to your sonicwall for the 10.0.2.x network through 10.0.0.225.

It sounds like the vyatta is probably set up correctly. For your original network configure all hosts as follows:
IP address: 10.0.0.x
Mask 255.255.255.0
Gateway 10.0.0.225

For all machines on your 10.0.2.x network as follows:
IP address: 10.0.2.x
Mask 255.255.255.0
Gateway 10.0.2.222

For your sonicwall add a route:
Destination 10.0.2.0/24
Next Hop Address: 10.0.0.225
Metric: 1

Also looking at your screenshot above it appears that both of your NICs can see both networks - this is OK if you are trunking VLANs. Your ESX setup should be either:

vmnic1 -> vswitch1 -> portgroup for 10.0.0.x
vmnic2 -> vswitch2 -> portgroup for 10.0.2.x
This way if no VLANs are trunked

OR

vmnic1 ->                           portgroup for 10.0.0.x
                   vswitch1 ->
vmnic2 ->                           portgroup for 10.0.2.x
This way if the NICs are carrying trunks

Wanted to see the networking page to verify


0
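Worked example of the reasoning in the accepted answer above, and of the three-step recipe (two NICs, default route on the Vyatta, hosts pointed at the Vyatta) given earlier in the thread. This is a small Python simulation added here; it is not part of the original thread and not Vyatta code. It models each device's routing table with longest-prefix match and walks a packet and its reply through the devices, using the addresses quoted in the thread (Vyatta 10.0.0.225/10.0.2.222, SonicWall 10.0.0.200, test PC 10.0.0.241, vCenter 10.0.2.5). The ISP-side addresses 198.51.100.1/.2 are constructed placeholders. It reproduces the symptom "can ping Vyatta ETH1 but cannot get any further": the forward path works, but a LAN host whose gateway is still the SonicWall sends its reply to 10.0.0.200, which has no route for 10.0.2.0/24, so the reply never comes back. Adding the route on the SonicWall, or pointing LAN hosts at 10.0.0.225, restores the return path.

```python
from ipaddress import ip_address, ip_network

# Topology as described in the thread:
#   LAN         10.0.0.0/24   SonicWall 10.0.0.200 (internet gateway), test PC 10.0.0.241
#   VM network  10.0.2.0/24   vCenter 10.0.2.5
#   Vyatta      eth1 10.0.0.225 on the LAN, eth0 10.0.2.222 on the VM network
# The upstream (ISP) side of the SonicWall is a constructed placeholder, 198.51.100.0/24,
# with no route back into private address space (a simplification: a real firewall would
# NAT or drop the packet, with the same result for the VM network).

def build_nodes(sonicwall_has_vm_route, lan_gateway):
    """Return {node: (interface IPs, routing table)}; a table entry is (prefix, next_hop),
    with next_hop None meaning the prefix is directly connected."""
    sonicwall = [("10.0.0.0/24", None), ("198.51.100.0/24", None), ("0.0.0.0/0", "198.51.100.1")]
    if sonicwall_has_vm_route:
        sonicwall.insert(0, ("10.0.2.0/24", "10.0.0.225"))   # the route the accepted answer asks for
    return {
        "sonicwall": (["10.0.0.200", "198.51.100.2"], sonicwall),
        "isp":       (["198.51.100.1"], [("198.51.100.0/24", None)]),
        "vyatta":    (["10.0.0.225", "10.0.2.222"],
                      [("10.0.0.0/24", None), ("10.0.2.0/24", None), ("0.0.0.0/0", "10.0.0.200")]),
        "test-pc":   (["10.0.0.241"], [("10.0.0.0/24", None), ("0.0.0.0/0", lan_gateway)]),
        "vcenter":   (["10.0.2.5"],   [("10.0.2.0/24", None), ("0.0.0.0/0", "10.0.2.222")]),
    }

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None when the table has no route."""
    best = None
    for prefix, next_hop in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def forward(nodes, src_ip, dst_ip, max_hops=8):
    """Walk one packet from the node owning src_ip towards dst_ip, one routing decision per hop.
    Returns (path, delivered): path is the list of nodes the packet visited; delivered is False
    when it was dropped (no route, or nothing on the link owns the next hop) or hit max_hops."""
    owner = {ip: name for name, (ifaces, _) in nodes.items() for ip in ifaces}
    dst = ip_address(dst_ip)
    node = owner[src_ip]
    path = [node]
    for _ in range(max_hops):
        if dst_ip in nodes[node][0]:          # packet has reached the destination interface
            return path, True
        match = lookup(nodes[node][1], dst)
        if match is None:
            return path, False                # no route: dropped at this node
        _net, next_hop = match
        target = dst_ip if next_hop is None else next_hop   # connected prefix: deliver directly
        if target not in owner:
            return path, False                # nothing on the link answers for that address
        node = owner[target]
        path.append(node)
    return path, False                        # routing loop / TTL exceeded

def round_trip(nodes, a, b):
    """True only when a packet from a reaches b AND the reply from b reaches a."""
    return forward(nodes, a, b)[1] and forward(nodes, b, a)[1]

if __name__ == "__main__":
    scenarios = {
        "LAN hosts still use the SonicWall, no VM route on the SonicWall": build_nodes(False, "10.0.0.200"),
        "route for 10.0.2.0/24 via 10.0.0.225 added on the SonicWall":    build_nodes(True, "10.0.0.200"),
        "LAN hosts use the Vyatta (10.0.0.225) as default gateway":       build_nodes(False, "10.0.0.225"),
    }
    for title, nodes in scenarios.items():
        print(title)
        print("  vcenter -> test-pc:", forward(nodes, "10.0.2.5", "10.0.0.241"))
        print("  test-pc -> vcenter:", forward(nodes, "10.0.0.241", "10.0.2.5"))
        print("  round trip works:  ", round_trip(nodes, "10.0.2.5", "10.0.0.241"))
```

In the first scenario the reply path ends at the ISP placeholder, which is the simulated version of "cannot get any further". With the SonicWall route added but LAN hosts still pointing at 10.0.0.200, replies hairpin through the firewall (test-pc -> sonicwall -> vyatta -> vcenter), which works but crosses the LAN segment twice for every packet; pointing the LAN hosts at 10.0.0.225 gives the direct two-hop path, which is why the accepted answer recommends both changes. The same check can be done by hand with show ip route on the Vyatta and the route table on each host.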
 

Author Comment

by:wlewis123
Thanks BG, I will be looking at this over the weekend, Bill.
0
 

Author Comment

by:wlewis123
Hi BG, A Sunday afternoon well spent......

Added a route on the Sonicwall for the 10.0.2.x network, Gateway: 10.0.0.225
Set my test PC on the LAN to use 10.0.0.225 as the Default gateway

The VCenter VM (10.0.2.5) has Gateway of 10.0.2.222 and functions fine, can ping anything, access LAN (10.0.0.x) & web.

So now we can connect to the Vcenter (from the LAN) using 10.0.2.5  (Hurrah!!!).

Let's hope this resolves the actual issue, running Visioncore against the servers in VM?

Thanks again BG for all your help.

Bill.

0
 
LVL 28

Expert Comment

by:bgoering
Let's hope so too. Glad you got it going. I suspect there might be some different challenges when you go to replicate across the WAN though...
0
