Re: vSwitch in Promiscuous mode still getting pack...

vinnyb · ‎11-25-2008

I was experimenting today with using Cisco RSPAN vlans to replicate switch traffic to Wireshark on one of my VMs and came across something odd. It appears that even though I've marked an adapter as "unused" for a particular promiscuous port group on a vSwitch, I still get packets from both adapters. Here's the basics of the setup:

ESX 3.5 update 2
My ESX host has two NICs connected to a single switch
Both NICs belong to vSwitch0
Port Group "RSPAN901" has one of the NICs as active and the other as unused
Created vlan 901 on my Cisco switches and configured it for remote spanning
Added a 2nd NIC to my VM and attached it to "RSPAN901"

When everything was turned on, I was seeing 2 copies of each packet in Wireshark on the VM. The only way around the double packets was to disallow vlan 901 on one of the ESX host NICs. I find this odd because I took the meaning of "unused" literally.

Questions:

Is this behaviour by design or am I missing something?
Has anyone else come across this?

Texiwill · ‎11-26-2008

Hello,

Questions:
Is this behaviour by design or am I missing something?
Has anyone else come across this?

Unless the physical switch is sending the data through to the pNIC you would only see one packet. Does this happen on incoming traffic or just outgoing traffic or both. If it is both then the physical switch is also an issue. if it is just one way, you may be able to determine what is happening.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

SearchVMware Blog: http://itknowledgeexchange.techtarget.com/virtualization-pro/

Blue Gears Blogs - http://www.itworld.com/ and http://www.networkworld.com/community/haletky

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

nabsltd · ‎11-26-2008

I'm seeing a similar issue.

I have a port group that has three pNICs attached to it. Two of the pNICs are set to "Active", with the other set to "Standby" or "Unused" (I've been testing both). I have to set the physical switch to "trunk" (EtherChannel, in Cisco speak) the ports to the three NICs so that I can load-balance the two active pNICs. When I do this, I see the same behavior you are seeing..."Unused" or "Standby" pNICs are receiving and sending traffic.

Basically, the physical switch doesn't seem to know which pNICs are active as part of the trunking, and that explains the receiving, but I have no clue why ESX is transmitting on pNICs that aren't "Active".

I don't have any problems if I have just one pNIC "Active", because then I can set the switch not to trunk. In that case, there is no activity on the "Standby" or "Unused" pNics.

vinnyb · ‎11-26-2008

I'm seeing a similar issue.
Basically, the physical switch doesn't seem to know which pNICs are active as part of the trunking, and that explains the receiving, but I have no clue why ESX is transmitting on pNICs that aren't "Active".
I don't have any problems if I have just one pNIC "Active", because then I can set the switch not to trunk. In that case, there is no activity on the "Standby" or "Unused" pNics.

Using Etherchannel should produce about the same behaviour as my RSPAN vlan, RSPAN essentially causes the the VLAN act like a hub sending all traffic to all member or trunk ports. The part I don't get is why VMware is passing received traffic all the way to the VM on "unused" NICs.

Texiwill: I don't send any traffic into the RSPAN VLAN so I'm not sure if the problem exists both ways.

All

vSwitch in Promiscuous mode still getting packets from "Unused" adapters