ruckers05
Contributor

Connectivity Test For VLAN/Port Groups


Hello there,

I was wondering if anyone has a solution to my problem. To cut a long story short, I want something that would check connectivity to each VLAN from each ESX host.

I manage a 24 host VMware ESX cluster based on IBM LS42 blade servers across 5 racks and 9 chassis, and these are all linked together with Cisco switches.

The problem I have is that the network sometimes experiences failures, which mean chassis or rack switches have issues with some of the VLANs.

At the moment I'm migrating a VM connected to each VLAN between each host / chassis to ensure it can speak to the default gateway on that VLAN.

Is there a way of doing this a bit less manually? I'm prepared to put the time into scripting something, but I'm unsure how best to approach it (or if there is something there already?)

I just need each VLAN's DG pinging from each host... ideas?

Thank you!

Ed


Accepted Solutions
Texiwill
Leadership

Hello,

What kjb007 suggests is doable but will increase the monitoring you need to do as enabling Promiscuous mode within a vSwitch is against all security standards, benchmarks, and guides.

If you need to test connectivity from VMs to the outside world, why not just set up a VM on port 4095 that contains an 802.1q driver and let it just ping out to the network on each VLAN. Perhaps just to another VM on a different host. If the pings work you have network connectivity. Note you would need this for every vSwitch. This would report back via email/pager if something is wrong. This will no longer require a promiscuous mode ethernet adapter. You can also use the same ping approach for the Service Console network.

The VM you do put on portgroup 4095 must be able to handle 802.1q and route to these VLANs appropriately.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, DABCC Analyst
====
Now Available on Rough-Cuts: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing ESX and the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

4 Replies
kjb007
Immortal

You can create a specialized VM that lives on a portgroup that's marked for 4095. This is VM-based VLAN tagging, and would require your VM itself to do the 802.1q tags. Enable promiscuous mode on the portgroup, and run a network analyzer on that VM. You should see all the available packets that are coming in through that vNIC to the VM, and be able to "see" what VMs are available.

-KjB

VMware vExpert

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
ruckers05
Contributor

Sounds perfect, I wasn't aware I could assign it all VLANs and enable 802.1q.

I'll get to it right away, thanks guys.

Ed

norregaard
Expert

Here's a howto post on configuring a guest VM for VLAN tagging and on how to test VLAN connectivity from that VM:

http://www.vi-tips.com/2009/11/vlan-testing-in-esx-35.html

/jakob
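
One way to script the check described in the accepted solution, for a Linux guest on the VLAN 4095 port group (an added example, not code from any poster in this thread). The trunk interface name `eth0`, the VLAN table and its documentation-range addresses are constructed, and `VLAN_UP` / `PROBE` are hypothetical hooks for substituting other functions.

```bash
#!/usr/bin/env bash
# Added example. Runs as root in a Linux guest whose vNIC is on a VLAN 4095
# port group, so the guest itself applies the 802.1q tags.
TRUNK_IF="${TRUNK_IF:-eth0}"   # assumed name of the trunked vNIC

# Constructed sample table: VLAN ID, test address for this VM, default gateway.
VLAN_TABLE="${VLAN_TABLE:-10 192.0.2.250/24 192.0.2.1
20 198.51.100.250/24 198.51.100.1
30 203.0.113.250/24 203.0.113.1}"

# Create (if missing) and bring up the tagged subinterface for one VLAN.
vlan_up() {  # usage: vlan_up <vid> <cidr>
    local ifname="${TRUNK_IF}.$1"
    ip link show "$ifname" >/dev/null 2>&1 ||
        ip link add link "$TRUNK_IF" name "$ifname" type vlan id "$1" || return 1
    ip addr replace "$2" dev "$ifname" && ip link set "$ifname" up
}

# Ping the gateway, forcing the probe out of that VLAN's subinterface.
probe() {  # usage: probe <vid> <gateway>
    ping -c 3 -W 2 -I "${TRUNK_IF}.$1" "$2" >/dev/null 2>&1
}

# Walk the table, print one line per failing VLAN, return the failure count.
# VLAN_UP and PROBE can name replacement functions (dry runs, other probes).
check_vlans() {
    local vid cidr gw failed=0
    while read -r vid cidr gw; do
        case "$vid" in ''|\#*) continue ;; esac
        # 4095 is the ESX "pass all tags" port group value, not a usable tag.
        if ! [ "$vid" -ge 1 ] 2>/dev/null || [ "$vid" -gt 4094 ]; then
            echo "VLAN $vid: invalid ID"; failed=$((failed + 1)); continue
        fi
        if ! "${VLAN_UP:-vlan_up}" "$vid" "$cidr" || ! "${PROBE:-probe}" "$vid" "$gw"; then
            echo "VLAN $vid: gateway $gw unreachable from $(hostname)"
            failed=$((failed + 1))
        fi
    done <<EOF
$VLAN_TABLE
EOF
    return "$failed"
}

# "vlan-check.sh run" from cron: failures go to stderr with a non-zero exit,
# which cron's MAILTO or a monitoring wrapper can turn into the email/pager alert.
if [ "${1:-}" = "run" ]; then
    check_vlans >&2
fi
```

Because the guest does its own tagging, no promiscuous-mode port group is involved; one such VM is needed per vSwitch, as the accepted solution notes.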
