VMware

This Question is Not Answered

1 "correct" answer available (10 pts) 2 "helpful" answers available (6 pts)
3 Replies Last post: Nov 26, 2008 11:24 AM by vinnyb  

vSwitch in Promiscuous mode still getting packets from "Unused" adapters posted: Nov 25, 2008 5:43 PM

Click to view vinnyb's profile Lurker
vinnyb
2 posts since
Mar 22, 2006

I was experimenting today with using Cisco RSPAN vlans to replicate switch traffic to Wireshark on one of my VMs and came across something odd. It appears that even though I've marked an adapter as "unused" for a particular promiscuous port group on a vSwitch, I still get packets from both adapters. Here's the basics of the setup:

  • ESX 3.5 update 2
  • My ESX host has two NICs connected to a single switch
  • Both NICs belong to vSwitch0
  • Port Group "RSPAN901" has one of the NICs as active and the other as unused
  • Created vlan 901 on my Cisco switches and configured it for remote spanning
  • Added a 2nd NIC to my VM and attached it to "RSPAN901"

When everything was turned on, I was seeing 2 copies of each packet in Wireshark on the VM. The only way around the double packets was to disallow vlan 901 on one of the ESX host NICs. I find this odd because I took the meaning of "unused" literally.

Questions:

  • Is this behaviour by design or am I missing something?
  • Has anyone else come across this?
Tags: vswitch, promiscuous, rspan, monitoring

Re: vSwitch in Promiscuous mode still getting packets from "Unused" adapters

1. Nov 26, 2008 7:04 AM in response to: vinnyb
Click to view Texiwill's profile Guru
Texiwill
10,205 posts since
Jan 13, 2004
Hello,

Questions:

  • Is this behaviour by design or am I missing something?
  • Has anyone else come across this?

Unless the physical switch is sending the data through to the pNIC you would only see one packet. Does this happen on incoming traffic or just outgoing traffic or both. If it is both then the physical switch is also an issue. if it is just one way, you may be able to determine what is happening.


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
SearchVMware Blog: http://itknowledgeexchange.techtarget.com/virtualization-pro/
Blue Gears Blogs - http://www.itworld.com/ and http://www.networkworld.com/community/haletky
As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

Re: vSwitch in Promiscuous mode still getting packets from "Unused" adapters

2. Nov 26, 2008 10:08 AM in response to: vinnyb
Click to view nabsltd's profile Enthusiast
nabsltd
43 posts since
Dec 11, 2007
I'm seeing a similar issue.

I have a port group that has three pNICs attached to it. Two of the pNICs are set to "Active", with the other set to "Standby" or "Unused" (I've been testing both). I have to set the physical switch to "trunk" (EtherChannel, in Cisco speak) the ports to the three NICs so that I can load-balance the two active pNICs. When I do this, I see the same behavior you are seeing..."Unused" or "Standby" pNICs are receiving and sending traffic.

Basically, the physical switch doesn't seem to know which pNICs are active as part of the trunking, and that explains the receiving, but I have no clue why ESX is transmitting on pNICs that aren't "Active".

I don't have any problems if I have just one pNIC "Active", because then I can set the switch not to trunk. In that case, there is no activity on the "Standby" or "Unused" pNics.

Re: vSwitch in Promiscuous mode still getting packets from "Unused" adapters

3. Nov 26, 2008 11:24 AM in response to: nabsltd
Click to view vinnyb's profile Lurker
vinnyb
2 posts since
Mar 22, 2006

nabsltd wrote:I'm seeing a similar issue.

Basically, the physical switch doesn't seem to know which pNICs are active as part of the trunking, and that explains the receiving, but I have no clue why ESX is transmitting on pNICs that aren't "Active".

I don't have any problems if I have just one pNIC "Active", because then I can set the switch not to trunk. In that case, there is no activity on the "Standby" or "Unused" pNics.

Using Etherchannel should produce about the same behaviour as my RSPAN vlan, RSPAN essentially causes the the VLAN act like a hub sending all traffic to all member or trunk ports. The part I don't get is why VMware is passing received traffic all the way to the VM on "unused" NICs.

Texiwill: I don't send any traffic into the RSPAN VLAN so I'm not sure if the problem exists both ways.

Actions

VMware Developer

SDKs, APIs, Videos, Learn and much more in the Developer community.

Learn More

Developer Sample Code

Increase your developer productivity with VMware API sample code.

Learn More

VMworld Sessions & Labs

Online access to the latest VMworld Sessions & Labs and online services.

Learn more

Purchase PSO Credits Online

Purchase credits to redeem training and consulting services online.

Buy Now

Community Hardware Software

View reported configurations or report your own.

Learn More

VMware vSphere

Come witness the next giant leap in virtualization.

Register Today

Communities