VMware Cloud Community
clopmz
Enthusiast

Several problems with isolated networks under ESXi 6.5

Hi all,

I have installed an ESXi 6.5 Update 1 Build 6765664 host to do some tests with isolated environments. To accomplish this, I have set up the following vSwitches:

[root@scotland:~] esxcfg-vswitch -l
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         2432        6           128               1500    vmnic0
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  Prod_Network          0        2           vmnic0
  Management Network    0        1           vmnic0

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
pub01_vs         2432        4           1024              1500    vmnic1
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  Pub01_Network         0        1           vmnic1

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
pub02_vs         2432        2           1024              1500
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  Pub02_Network         0        1

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
dmzpub_vs        2432        3           1024              1500
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  DMZ_Network           0        2

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
mgmt_vs          2432        2           1024              1500
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  Mgmt_Network          0        1

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
enc_vs           2432        2           1024              1500
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  Enc_Network           0        1

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vpn_vs           2432        2           1024              1500
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VPN_Network           0        1

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
fwsync_vs        2432        2           1024              1500
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  FwSync_Network        0        1

As you can see, only two switches have physical NICs attached. I have set up three virtual machines:

- A DNS server connected to Prod_Network virtual switch

- A virtual firewall (without rules, all traffic is allowed during all tests) connected to all virtual switches.

- A test machine connected only to DMZ_Network virtual switch.

Ok, now the problem. The DMZ test machine can't ping the DNS virtual machine connected to the internal Prod_Network virtual switch. The internal DNS server can't ping the DMZ test machine. The firewall (without rules, all traffic is allowed) can't ping the DMZ test machine. The firewall can ping the internal DNS machine, and the internal DNS machine can ping the firewall.

On the other side, the firewall machine can't see any traffic on the Pub01_Network virtual switch (which has a physical NIC attached, and this NIC is connected to an ADSL line). But, surprisingly, the firewall can see traffic from the ADSL network on Pub02_Network... Why?? Pub02_Network doesn't have any physical NIC attached.

I don't understand anything.

Any light please?

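As an added, defender-side example (not from the original post or from VMware), the following Python parser reads the `esxcfg-vswitch -l` layout shown above and reports two things worth checking before debugging connectivity: which vSwitches have no uplink at all (host-internal only, so any VM attached to them is the only path out), and whether a Management port group shares the same VLAN ID, here untagged VLAN 0, with another port group on the same vSwitch, which puts host management and production traffic in one broadcast domain. The sample output is constructed and abridged from the post; nothing here queries a live host.

```python
import re

# Constructed sample in the layout of `esxcfg-vswitch -l`, abridged from the post's output.
SAMPLE = """\
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         2432        6           128               1500    vmnic0
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  Prod_Network          0        2           vmnic0
  Management Network    0        1           vmnic0
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
pub02_vs         2432        2           1024              1500
  PortGroup Name        VLAN ID  Used Ports  Uplinks
  Pub02_Network         0        1
"""

# Switch rows start in column 0: name, three port counts, MTU, optional comma-separated uplinks.
SWITCH_RE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+\d+\s+(\d+)\s*(.*)$")
# Port group rows are indented; names may contain spaces, so require 2+ spaces before the VLAN ID.
PG_RE = re.compile(r"^\s+(.+?)\s{2,}(\d+)\s+(\d+)\s*(.*)$")

def _uplinks(field: str) -> list[str]:
    # An empty Uplinks column means the switch is host-internal only.
    return [u for u in field.strip().split(",") if u]

def parse_vswitches(text: str) -> dict[str, dict]:
    """Return {switch: {"mtu": int, "uplinks": [...], "portgroups": [(name, vlan, uplinks)]}}."""
    switches, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("Switch Name", "PortGroup Name")):
            continue  # skip blank lines and the repeated column headers
        if not line.startswith(" "):  # a switch row
            m = SWITCH_RE.match(line)
            if m:
                current = m.group(1)
                switches[current] = {"mtu": int(m.group(2)), "uplinks": _uplinks(m.group(3)), "portgroups": []}
            continue
        m = PG_RE.match(line)  # a port group row under the current switch
        if m and current:
            switches[current]["portgroups"].append((m.group(1), int(m.group(2)), _uplinks(m.group(4))))
    return switches

def audit(text: str) -> dict[str, list]:
    """Flag uplink-less switches and Management port groups sharing a VLAN ID with another group."""
    sw = parse_vswitches(text)
    isolated = sorted(name for name, s in sw.items() if not s["uplinks"])
    shared = []  # (switch, management port group, other port group, shared VLAN ID)
    for name, s in sw.items():
        for pg, vlan, _ in s["portgroups"]:
            if "management" in pg.lower():
                shared += [(name, pg, other, vlan) for other, ovlan, _ in s["portgroups"]
                           if other != pg and ovlan == vlan]
    return {"isolated": isolated, "shared_mgmt_segment": shared}
```

Running `audit(SAMPLE)` on the constructed sample flags `pub02_vs` as host-internal and reports that `Management Network` and `Prod_Network` on `vSwitch0` share VLAN 0.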
2 Replies
Finikiez
Champion

Hi!

Some additional info is needed.

1. What is the IP configuration on all 3 VMs? (IP address, netmask and default GW)

2. Security policy settings on all switches? (Especially promiscuous mode.)

3. Where do you see that the firewall VM sees the traffic? Do you use Wireshark or what?

clopmz
Enthusiast

Thanks Finikiez for your help, but the problem is now solved.

I don't know why, but after changing the virtual network interface of the Firewall VM from vmxnet3 to e1000, all works ok. At this point, it seems to be a bug with vmxnet3 under OpenBSD.
