Belhassen_Bench
Contributor

HCX installation On Premise ( Nested LAB )

Hi, I am trying to setup HCX in my nested LAB.

The HCX's OS, named "Linux From Scratch", is really different from the common Ubuntu / SLES-RHEL Linux flavors I know, so I am getting a bit lost with networking. Let me explain my issue:

Before starting, let me tell you how I enable a VM in my Workstation LAB to reach the internet:

- For a Windows machine I just add a new NIC and assign it to the VMKernel that has DHCP enabled and is bound to my VMware Workstation adapter that is NAT enabled; all works well. For a Linux machine (SLES-RHEL) I do the same: I add a new adapter in Workstation and configure it as NAT. (Notice that for DHCP I rely on the VMware Workstation DHCP VMnet8 internal server and I am not using the Domain Controller for DHCP.)

Ok, now back to HCX issue : during the installation of the HCX.ova when I reach the network part I put a static IP for the HCX VM ( 192.168.1.213 ) this subnet is the Data one configured for Data local domain communication ( AD, vCenters etc.. )

I tried 3 scenarios, only scenario 3 succeeds but I cannot use it for the reasons I will explain, here are their descriptions :

1) If I make my IP static ( 192.168.1.213 ) and don't specify any route then nothing works ( meaning that when I want to activate the HCX License I get stuck, which makes sense since 192.168.1.213 cannot reach the connect.hcx.vmware.com IP : 45.60.65.140 ).

2) If I specify routes as follows ( to reach any internal Domain network go through the 192.168.1.213 interface, actually the Gateway for this subnet is 192.168.1.1, and to reach Internet - 0.0.0.0/0 - go through the second DHCP enabled NIC ), this fails as well.

"ip a" output :

Belhassen_bc_0-1626692716530.png

and "ip route" output :

Belhassen_bc_1-1626692716543.png

eth0 routes for Data local domain subnets :

Belhassen_bc_2-1626692716582.png

and eth1 ( DHCP enabled interface ) route to the internet :

Belhassen_bc_3-1626692716592.png

result :

Belhassen_bc_4-1626692716611.png

I even tried to manipulate /etc/systemd/network myself, but it looks like it is really not reflecting what I do. Maybe the config is written somewhere else. For me, this flavor of Linux is not good at all.

3) If I keep only 1 NIC, and make it DHCP enabled ( along with routes being only for internet, nothing local ) then I can get to the internet and ping the connect.hcx.vmware.com IP, here the License activation works indeed, but then I am not having a static IP which is not the expected design for a company ! ( I mean having a dynamic IP for a VM like HCX ), here are screenshots of this scenario :

Belhassen_bc_5-1626692716621.png

wired.network file for eth0 : ( I just enabled DHCP, nothing else )

Belhassen_bc_6-1626692716634.png

"ip a" output, plus a try to ping the License activation portal : ( I can ping connect.hcx.vmware.com ) :

Belhassen_bc_7-1626692716662.png

"ip route" output :

Belhassen_bc_8-1626692716671.png

Ok, as expected now I am not able to open the HCX Manager with the DNS name of the machine ( hcx-target.vlab.local ), but I can do it with its IP ( the dynamically assigned one : 192.168.64.35 )

and License Validation works :

Belhassen_bc_9-1626692716682.png

But I cannot afford to use a dynamic IP for such a deployment! That would make no sense.

Any idea would be much appreciated, since I feel I am trying the same things in a loop.

0 Kudos
9 Replies
ChrisFD2
VMware Employee

Hi, it might be worth asking this in the Workstation section as installing HCX on Workstation isn't supported and it's not something I've tried.

From memory HCX manager doesn't support having its IP address changed so I assume there is underlying code which blocks any manual intervention. Even if you manage to change it within the OS it may break HCX functionality.

Can I ask where you are putting in the static route?

Deploying HCX manager into ESXi with a static IP works every time I've done it so there must be some Workstation workaround for your issue.

Regards,
Chris
VCIX-DCV 2020 | VCP-DCV 2020 | VCP-NV 2020 | vExpert *** | CCNA R&S
0 Kudos
Belhassen_Bench
Contributor

Hi, thanks for your reply, find my answers / comments inline :

You said : "Can I ask where you are putting in the static route?"

   => During the installation you are requested to fill in static routes for the HCX VM. I indicate two routes: one for local traffic and one for Internet. ( I explained this in the original post: to reach any internal Domain network go through the 192.168.1.213 interface, actually the Gateway for this subnet is 192.168.1.1, and to reach Internet - 0.0.0.0/0 - go through the second DHCP enabled NIC, but this fails to get me onto the Internet for License activation ). If this does not work, I try to force the routing using the wired.network file, just by adding the [Route] section:

Again, here is a screenshot of the wired.network file as well as the "ip route" output : ( eth0 is the static interface, eth1 is the second NIC bound to the DHCP enabled network meant to reach the internet )

Belhassen_bc_1-1626791903807.png

Belhassen_bc_2-1626791925369.png

Belhassen_bc_0-1626791749706.png

You said : "Deploying HCX manager into ESXi with a static IP works every time I've done it so there must be some Workstation workaround for your issue."

  => Ok, here is my question for you then : how do you make your HCX VM reach Internet in order to get the License activation ? since you confirm it has a static IP within your local domain network, then how do you do your routing with this ugly Linux version for it to reach the connect.hcx.vmware.com IP : 45.60.65.140 ?

Regards,
0 Kudos
ChrisFD2
VMware Employee

Why are there two NICs? HCX works perfectly fine regardless of how 'ugly' LFS is.

Regards,
Chris
VCIX-DCV 2020 | VCP-DCV 2020 | VCP-NV 2020 | vExpert *** | CCNA R&S
0 Kudos
Belhassen_Bench
Contributor

Chris, are you reading my entire posts ? or just reading the 1st line only ?

I need to reach the Internet, so I am adding a second NIC, I do it on purpose, the OVA does not come with a second NIC indeed.

0 Kudos
ChrisFD2
VMware Employee

No, it doesn't come with a second NIC as it isn't supported to run a second NIC. There are static route options in the admin interface if you want to configure static routes.

Regards,
Chris
VCIX-DCV 2020 | VCP-DCV 2020 | VCP-NV 2020 | vExpert *** | CCNA R&S
0 Kudos
Belhassen_Bench
Contributor

Aha! OK, then I will just retry with only one NIC and manipulate my routes. I will keep you posted.

0 Kudos
Belhassen_Bench
Contributor

This definitely does not work for me with a single NIC. Are you using routing outside the VM environment?

0 Kudos
ChrisFD2
VMware Employee

In my lab I just have a default gateway which has internet access and it works fine.

Regards,
Chris
VCIX-DCV 2020 | VCP-DCV 2020 | VCP-NV 2020 | vExpert *** | CCNA R&S
0 Kudos
Belhassen_Bench
Contributor

I managed to get it to work. I just enabled Routing through the Windows Domain Controller itself, simply put.

0 Kudos
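An added example, not part of any post in this thread: a small parser for `ip route` output that resolves which route the kernel would pick for the license portal address quoted above. The two routing tables are constructed samples built from the addresses in the thread (the original screenshots are not available), and `parse_routes` / `lookup` are hypothetical helper names.

```python
import ipaddress

HCX_PORTAL_IP = "45.60.65.140"  # connect.hcx.vmware.com address quoted in the thread

# Constructed sample: static IP on eth0, no default route (scenario 1).
STATIC_NO_DEFAULT = """
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.213
"""

# Constructed sample: single NIC, static IP, default route via the subnet gateway.
STATIC_WITH_DEFAULT = """
default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.213
"""

def parse_routes(text):
    """Parse plain unicast lines of `ip route` output into (network, gateway, device)."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, gw, dev))
    return routes

def lookup(routes, target):
    """Longest-prefix match. Returns (gateway, device), or None when no route matches."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None  # the kernel would answer "Network is unreachable"
    _, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    return (gw, dev)  # gateway None means the target is on-link

if __name__ == "__main__":
    for name, table in [("no default", STATIC_NO_DEFAULT),
                        ("default via gateway", STATIC_WITH_DEFAULT)]:
        print(name, "->", lookup(parse_routes(table), HCX_PORTAL_IP))
```

A matching default route only hands the packet to 192.168.1.1; that next hop still has to forward it onward, which a route lookup on the VM cannot show.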