biolog5
Contributor
Contributor

VMXNET3 on Debian Squeeze & Promiscuous mode

Hello all,

Hopefully a quick one:

I am building a server that will be acting as network monitor running IPAudit. I built a Debian box (amd64) with vmware tools and e1000 NICs and set up IPAudit, but was not able to get promiscuous mode to work. I read some vmware KB's, which suggested changing rights for /dev/vmnet for relevant users, however, I do not even have that file and so I decided to try with VMXNET 3 NICs instead.

However, even though I have vmware tools installed, I cannot add a vmxnet3 nic - the only option in add nic dialogue is e1000.

Googling didn't seem to produce much, so I was wondering if anyone has any idea how I can either get promiscuous mode to work, or add the vmxnet3 adapter to my server?

For promiscuous mode, I created a separate portgroup, with promiscuous mode allowed and vlan tag of 4095.

Many Thanks!

S.

0 Kudos
6 Replies
gaspipe
Enthusiast
Enthusiast

Is your VM hardware is version >=7? Which Debian version is it? What did you do to set it up and how did "not [being] able to get promiscuous mode to work" manifested itself?

0 Kudos
biolog5
Contributor
Contributor

My Vm is version 7, I'm running ESXi 4.1U2. I'm trying to set up Debian Squeeze, which is version 6 (full one is 6.0.3).

The promiscuous mode not working manifested in the program not displaying some reports properly, and the syslog messages displaying "Entering promisquous mode", but not displaying "exiting promisquous mode". This is program - specific, as during normal operation on a dedicated server, I get both (I set a dedicated one up, just to confirm that, and to look at what else could be causing the problem).

Practically, the problem renders me unable to generate 30min traffic reports.

Thanks!

S.

0 Kudos
gaspipe
Enthusiast
Enthusiast

ESXi 4.1 should support vmxnet3 on Debian 6.0.3. What's listed as "Guest OS" for this VM?

0 Kudos
biolog5
Contributor
Contributor

The guest OS is listed as "Other 2.6x Linux (64-bit).

Promiscuous mode wise - I may have found the problem - I am getting the following log messages from my esxi host:

vmkernel: 21:10:18:34.903 cpu0:XXXXXXXXXX)etherswitch: L2Sec_EnforcePortCompliance: client XXXXX requested promiscuous mode on port XXXXXXXXXX, disallowed by vswitch policy

This suggests that it's the vSwitch settings... I enabled promiscuous mode only on the portgroup, as I was under the impression that portgroup settings override the vSwitch settings. I'll try enabling it on the vSwitch as well and see if that helps.

Thanks,

S.

gaspipe
Enthusiast
Enthusiast

That is correct that the setting on the portgroup overrides the virtual switch setting: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100409...

Maybe the VM was connected to the wrong portgroup or vSwitch? Anyway - looks like a configuration problem.

Regarding vmxnet3 - does the option become available if you power off the VM and change OS type to Debian Linux 5 or try to create a new VM in custom mode?

biolog5
Contributor
Contributor

Unfortunately, it was connected to the correct portgroup. Since I'm out of ideas, I think I'll just rebuild the servers a a separate physical box. The only idea I have left is vdirectpath, and I don't want to go down that road...

With regards to vmxnet3 - yes, thank you setting it to Lenny helped! I can now add vmxnet3 adapters!

Cheers,

S.

0 Kudos