VMware Cloud Community
pravin2650
Contributor

Detecting status of pNIC?

Hi,

Preface:

I have an ESX server on which I have installed Linux, on which my application runs.

My application is developed to use 2 NICs/interfaces from the underlying OS, i.e. Linux, on which it is installed; it sniffs the packet from one interface, does some processing and forwards it on the other port, and vice versa.

Problem Statement:

My application should sniff the packet from an interface only if both the pNICs are up, so even if one pNIC is down it should not sniff packets from the other pNIC, or bring that working pNIC down.

The problem is that my application can see only vNICs, which are driven by the vmxnet driver, so basically I am not able to know which pNIC is up and which is down. There is a way to detect this on ESX, but my VM, being a guest on ESX, is not able to directly get access to the hardware level, so basically it says that both NICs are up and running (because they are vNICs). The main problem is that it sniffs packets on one interface even if the other is not connected or down.

Expected solution/suggestion:

Can you help and tell me what is the possible way so that my application can detect the status of the pNIC at runtime and act accordingly?

One way I thought of is that I will detect for some specific amount of time whether traffic is coming from both ends; if it is coming from only one end I will bring down the other interface ("ifdown eth2") and vice versa. But this is really not a solution, because I am bringing down the other interface unnecessarily, even if it is physically connected and up but not receiving any traffic on it.

Even if you can help me with driver APIs it will be great, or any coding funda that I can implement.

Please let me know if any more information is required.

Thanks..

Pravin

0 Kudos
10 Replies
TomHowarth
Leadership

You will not be able to do what you wish; the guest has no knowledge of the physical hardware it is running on. As far as it is concerned, it is attached to a switch. In VMware the pNICs are analogous to the trunk uplink ports on an unmanaged switch.

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth

VMware Communities User Moderator

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
0 Kudos
pravin2650
Contributor

So even if I write a kernel module that will talk to the vmxnet adapter, or that will be able to communicate with the vmxnet driver, it's not possible to get the status of the pNIC?

0 Kudos
kooltechies
Expert

Hi,

In my opinion you can try the VMware Perl APIs: http://www.vmware.com/download/sdk/ . Or you can try writing a Perl script which can SSH from the Linux VM to the ESX server and run this command (esxcfg-nics -l) on the ESX shell. Then it can return the values to your program in the VM, which can manipulate them and work accordingly.

Thanks,

Samir

Blog : http://thinkingloudoncloud.com || Twitter : @kooltechies || P.S : If you think that the answer is correct/helpful please consider rewarding points.
0 Kudos
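The link-state decision that the reply above builds on `esxcfg-nics -l`, as an added example that is not part of the thread or any poster's code. It assumes the listing has a header row with `Name` and `Link` columns and `Up`/`Down` link values; the sample text, NIC names and function names are constructed for illustration, and how the text reaches the guest is outside its scope. The check fails closed: unparseable output or a missing uplink means forwarding stays off.

```python
"""Added example: gate packet forwarding on pNIC link state from `esxcfg-nics -l` text."""

# Constructed sample; the column layout is an assumption about the ESX release in use.
SAMPLE = """\
Name    PCI      Driver  Link Speed    Duplex MAC Address       MTU  Description
vmnic0  03:00.00 bnx2    Up   1000Mbps Full   00:00:5e:00:53:01 1500 Constructed NIC A
vmnic1  05:00.00 bnx2    Down 0Mbps    Half   00:00:5e:00:53:02 1500 Constructed NIC B
"""


def parse_link_states(text):
    """Return {nic_name: bool} (True = link Up); raise ValueError on unknown layout."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty output")
    header = lines[0].split()
    if "Name" not in header or "Link" not in header:
        raise ValueError("unrecognised header")
    # Both columns sit left of the two-word "MAC Address" header, so indexes line up.
    name_col, link_col = header.index("Name"), header.index("Link")
    states = {}
    for ln in lines[1:]:
        fields = ln.split()
        if len(fields) <= max(name_col, link_col):
            raise ValueError("short row: %r" % ln)
        link = fields[link_col].lower()
        if link not in ("up", "down"):
            raise ValueError("unexpected link value: %r" % fields[link_col])
        states[fields[name_col]] = (link == "up")
    return states


def forwarding_allowed(text, required_nics):
    """True only if every required uplink is listed and Up; anything else is False."""
    try:
        states = parse_link_states(text)
    except ValueError:
        return False
    return all(states.get(nic, False) for nic in required_nics)


if __name__ == "__main__":
    print(parse_link_states(SAMPLE))
    print(forwarding_allowed(SAMPLE, ["vmnic0", "vmnic1"]))
```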
TomHowarth
Leadership

So even if I write a kernel module that will talk to the vmxnet adapter, or that will be able to communicate with the vmxnet driver, it's not possible to get the status of the pNIC?

What are you writing the kernel module for, the guest? If so, how will you see the pNICs? Think about it in physical terms: can you SEE the trunk ports of an unmanaged switch from a guest? The fact that these pNICs are on the same host is irrelevant to the guest; there is physical separation, i.e. there is a vSwitch in between them. This is unlike a hosted environment, where there is a direct correlation between the vNIC and the pNIC (hosted platforms do not utilise vSwitching).

If not, and you are considering writing it for the VMkernel, how are you going to write a kernel-mode driver for that?

0 Kudos
TomHowarth
Leadership

Hi,

In my opinion you can try the VMware Perl APIs. Or you can try writing a Perl script which can SSH from the Linux VM to the ESX server and run this command (esxcfg-nics -l) on the ESX shell. Then it can return the values to your program in the VM, which can manipulate them and work accordingly.

Thanks,

Samir

That is making the assumption that the Linux guest has access to the Service Console network; this is not best practice, and you are in effect leaving the keys to the kingdom on a low-hanging branch. The service console network should never be on the production network.

0 Kudos
pravin2650
Contributor

Samir, your workaround seems cool to me, but that will require my guest machine to know the ESX credentials and IP address, as well as making sure they both are in the same network.

But thanks for your solution, appreciate it.

0 Kudos
pravin2650
Contributor

Tom, you are right. I was thinking of writing a kernel module in my VM that will talk to the vmxnet adapter or its driver. I am new to this and don't have much idea of how ESX and its components work, but as far as my understanding goes, the vmxnet driver would control the vmxnet adapter created by VMware for us, so in the end the vmadapter would mark an entry for some sort of instruction/task that needs to be worked out by the ioctl process in the VMkernel, e.g. packet send and receive, that in turn needs to be dispatched to the actual hardware/driver. So I thought that it may be possible to get some information from the underlying hardware to the VM, but I was not sure.

But after reading your post I am clear.

Thanks.

0 Kudos
kooltechies
Expert

Hi Tom , Pravin,

Yeah, the idea that I have given will be kind of a security risk. But how about creating an internal-only vSwitch between the VM and the ESX service console? In this combination you can have two NICs in the VM, one connected to the internal vSwitch and another to an outer network.

Then you create a second service console portgroup on the internal-only vSwitch; in this way the traffic between the VM and the ESX console is limited to within the vmkernel TCP/IP stack.

Thanks,

Samir

Blog : http://thinkingloudoncloud.com || Twitter : @kooltechies || P.S : If you think that the answer is correct/helpful please consider rewarding points.
0 Kudos
pravin2650
Contributor

Thanks Samir for the input. As said earlier, I am new to ESX and I am hardly aware of the magic we can create using it. If it's possible by your suggested way then bingo, I would like to try that solution and will let you know the result.

Thanks a lot, Samir.

0 Kudos
Texiwill
Leadership

Hello,

Not sure what you really want here, but really your Linux VM should instead have 2 vNICs on it. Each connected to a portgroup used by the pNICs involved.

I.e.

pNICA <-> vSwitchA <-> PortgroupA <-> VM
pNICB <-> vSwitchB <-> PortgroupB <-> VM (same VM)

This way you have a clear path through each pNIC to a vNIC, and if vNICA is getting data it will ONLY get it from pNICA, etc.

Use the vNetwork concepts to get what you want; do not try to hook into the 'pNIC'. Concentrate on your VM's functionality using virtualized hardware, portgroups, and virtual switches.


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos