JamesAnctil


Creating Second Subnet using vSphere

Goal:

Create a group of VMs that use a different subnet than my primary network.

Physical network is a 192.168.0.0 subnet.

Would like a second network on my vmbox with a 192.168.16.0 subnet.

I am not too familiar with ESXi (5.x) network management and vSwitches, etc.


I have heard this can be done without the need for a second NIC in the vmbox.
Bud Durland

Just to be clear -- you want to create virtual machines that use a different subnet than the one that your VMware hosts are using? As long as you are not using VLANs (or the two subnets are on the same VLAN), it will work.
If the second network is purely for use between VMs and has no connection to the physical network, it's best to create a second vSwitch with no adapter association. You can do this by going into "Configuration", "Networking" and "Add Networking..." to create a new Virtual Machine connection. When you get to the Network Access screen, select "Create a vSphere Standard Switch" and uncheck any NICs that may be selected. You can then assign this network to a second virtual NIC in your VMs and keep everything separate from the physical network.

This assumes that you're using ESXi and the VI Client.
JamesAnctil

ASKER

I am using ESXi 5 and the VI Client.

The virtual machines need to have access to the internet, so the second subnet might have to be bridged?

I have read that some people create a VM with 2 network adapters and bridge them.


I know I can accomplish this by using a second NIC on the host, and connecting it to a router/firewall that has the subnet/configuration that I need, but I would rather not add more hardware to my setup.

Buddurlan, I am not exactly clear as to the solution you are presenting?

I have also seen virtualized router/firewalls... that might be the route I need to go down, but I am not sure. If the VI Client can facilitate my goals, that would be ideal.
If you're bridging them, then it doesn't really make much sense to have them separate. If your router supports it, I would add a secondary IP address for the second network and then just run your VMs with the second network's addressing on the same NIC as the primary network.  From the VI Client's perspective, each VM would be configured as if it were on the primary network. Only the IP configuration in the guest changes.

Alternately, you could follow my initial suggestion and run a virtual router instance connected to both vSwitches. I've used Vyatta to accomplish this in the past.
The only reason I need them separate is because I am virtualizing a DC with DHCP, etc.

I'm not worried about separating traffic.

My router does not support adding in second subnets (AT&T gateway).

Any other suggestions? It sounds like I cannot accomplish this with just the VI Client.


After this is confirmed, I will move on to the Vyatta virtual router method.
Well, you can definitely set up separate networks with just the VI client.  Routing between them is entirely a different story.  You're not going to get that part without involving your router or a router appliance in a VM.  If you've got broadcast technology in the mix, like DHCP, then you're definitely going to want to do the second vSwitch method to keep everything separate.  You can then use a virtual appliance to provide routing and/or NAT to your AT&T gateway for Internet access.
OK, excellent, I will create my Vyatta router VM and report back.

Thank you very much for the help thus far.
Vyatta's just one product I've used for this.  There are plenty of others, some simpler, depending on what you require.
I don't require much, but I have not done too much research on the virtual appliances out there.

One thing I like about Vyatta is that there is a free version.

If you have another product that you recommend, I would be delighted to know.
Of all the ones I've seen, Vyatta is the most flexible in this situation. I'm just saying that you shouldn't feel that's your only option if you have something else you would prefer to use.
Well, the open source version of Vyatta is command line based.

Now that I have Vyatta installed, though, and have my vSwitch set to no adapters, how will I get the virtual machines on this network connected to the web?
Most routers are command-line based, unless you're talking about home gateways.  I've heard that Vyatta's community edition has a GUI starting with version 5, but I've never tried it out.

When configuring the VM guest, you'll want one vNIC in the Vyatta connected to your vSwitch0 for access to your AT&T Gateway and then another vNIC on your vSwitch1 for access to your separate network.

If your AT&T Gateway doesn't support adding a static route back to the Vyatta instance, you'll need to configure NAT so that the Gateway thinks everything is on a directly connected LAN.
So if that's the case, can I do this on my DHCP/domain controller, and have it hand out IPs in the 192.168.16.1 subnet, and have internet connectivity, or will I have to add a second NIC to every VM?
You could do DHCP on your DC, but the router will have to forward requests. Better to have the router handle DHCP. The guest VMs will only need a vNIC on the second vSwitch.
Quick question on the tangent...

Set up a SonicWall firewall/router with my desired subnet (192.168.16.1).
It has its own internet connection.

I have plugged this into my second NIC on my vmbox...

How can I create this separate network using the second NIC?

Seems like it won't let me use a second gateway when attempting to add a management kernel (not sure that's what I want to do)...
ASKER CERTIFIED SOLUTION
Jody Lemoine
OK, so it now works; no need for a management kernel, just added a switch (makes sense since I'm not managing the VM host with the NIC).
Will report back later with more findings after my setup is complete and will give credit where due. Thank you for the help.