I am trying to wrap my head around vmkernel networking. I have a kickstart for installations. I run it, it sets up the Management Console IP address. I can view this with:
vswif0 Link encap:Ethernet HWaddr 00:50:56:44:FA:12
inet addr:172.17.108.145 Bcast:172.17.109.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:46747952 errors:0 dropped:0 overruns:0 frame:0
TX packets:52307477 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3846385535 (3668.1 Mb) TX bytes:2908183422 (2773.4 Mb)
Nowhere in my script is vmkernel networking set up. Somewhere in the process though, I am assuming, it probes for an unused private network range, and creates an IP on the appropriate interface. I am basing this on the output of this command:
Interface Port Group IP Address Netmask Broadcast MAC Address MTU TSO MSS Enabled
vmk0 VMotion Network 192.168.24.1 255.255.255.0 192.168.24.255 00:50:56:7c:09:a8 1500 40960 true
Where in the process does this auto-generation happen? I have another cluster I built with the same kickstart file, that has been added to a different virtualcenter instance. I haven't completely finished that cluster yet. This leads me to believe that the IP is generated when I configure for HA. Is there a way to specify which range to choose from (i.e. tell it to use 10.0.0.0/24)? Is this address hard coded or is it dynamic at boot time? I assume also, that if I change my kickstart to specify a vmkernel IP address, then when I configure for HA, it will check if that is functional (can talk to other nodes), and if yes, move on (not generating a new address). Is this all correct?
Once my build process is complete, I have another script that runs on first boot that configures everything else. Below is an example of the part of the script that configures vMotion. $VMIP is predefined as the vMotion IP and $VMKGW is the vMotion default gateway.
setVMotion()
{
    echo "Setting up vMotion..." >> /root/PostInstall/PostInstall.log
    # Setup your VMkernel and Virtual Machine networking:
    # EXAMPLE: Add VMotion portgroup
    #/usr/sbin/esxcfg-vswitch --add --pg=VMotion vSwitch0
    #/usr/sbin/esxcfg-vmknic --add --ip %#!computer@lic_os_user% --netmask 255.255.255.0 VMotion
    # Add the vMotion port group to vSwitch0
    /usr/sbin/esxcfg-vswitch vSwitch0 -A vMotion
    /usr/sbin/esxcfg-vswitch vSwitch0 -p vMotion
    # Create the vmkernel NIC on that port group with the predefined IP
    /usr/sbin/esxcfg-vmknic -a vMotion -i "$VMIP" -n 255.255.255.0
    # Set the vmkernel default gateway
    /usr/sbin/esxcfg-route "$VMKGW"
    # Restart the management agent so it picks up the new networking
    service mgmt-vmware restart
    sleep 20
    vimsh -n -e "/hostsvc/vmotion/vnic_set portgroup4" # Command for 3.0.2 and earlier
    vimsh -n -e "/hostsvc/vmotion/vnic_set vmk0" # Used for ESX3.5 and higher
    vmware-vim-cmd /hostsvc/vmotion/vnic_set vmk0
}
Steve Beaver
VMware Communities User Moderator
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
*Virtualization is a journey, not a project.*
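Added example, not part of the original posts or of VMware's tooling: a post-install check that reads a vmknic listing in the format quoted in the first post and reports whether the vmkernel address sits in the range you intended and stays off the service console subnet. The function names are hypothetical, the sample listing is constructed from the output quoted in this thread, and the column layout is assumed to match it.

```shell
#!/bin/sh
# Added example: sanity-check vmkernel addressing after a scripted install.
# Constructed sample, copied from the listing quoted earlier in the thread.
VMKNIC_SAMPLE='Interface Port Group IP Address Netmask Broadcast MAC Address MTU TSO MSS Enabled
vmk0 VMotion Network 192.168.24.1 255.255.255.0 192.168.24.255 00:50:56:7c:09:a8 1500 40960 true'

# Dotted quad -> integer, so networks can be compared with bitwise AND.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "ip netmask" for one vmknic ($1 = listing text, $2 = interface).
# Port group names may contain spaces ("VMotion Network"), so the columns
# are counted from the right-hand end of the row, not from the left.
vmk_addr() {
    printf '%s\n' "$1" | awk -v ifc="$2" '$1 == ifc { print $(NF-6), $(NF-5) }'
}

# Succeeds when ip $1 lies inside network $2 with netmask $3.
in_net() {
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# Succeeds when ip/mask pair ($1 $2) shares address space with ($3 $4).
overlaps() {
    common=$(( $(ip2int "$2") & $(ip2int "$4") ))
    [ $(( $(ip2int "$1") & common )) -eq $(( $(ip2int "$3") & common )) ]
}

# check_vmk LISTING IFACE WANT_NET WANT_MASK CONSOLE_IP CONSOLE_MASK
# Prints one of: ok, unexpected-range, overlaps-console, missing.
check_vmk() {
    addr=$(vmk_addr "$1" "$2")
    [ -n "$addr" ] || { echo "missing"; return 0; }
    vip=${addr% *}; vmask=${addr#* }
    if overlaps "$vip" "$vmask" "$5" "$6"; then echo "overlaps-console"
    elif in_net "$vip" "$3" "$4"; then echo "ok"
    else echo "unexpected-range"
    fi
}

# Intended vMotion range 10.0.0.0/24, service console as shown in the thread.
check_vmk "$VMKNIC_SAMPLE" vmk0 10.0.0.0 255.255.255.0 172.17.108.145 255.255.254.0
```

On a host, the first argument would be the live output of `esxcfg-vmknic -l` instead of the embedded sample.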
Thanks for the script sample. I think I have my head wrapped around the differences and how/when to set them. I have a couple of follow-up questions with regard to service locations etc. I know vmkernel does network based storage.
virtualcenter - Which IP address does virtualcenter connect to?
RCLI console - Which IP address does RCLI console connect to?
ssh - I assume management console?
snmp - Does SNMP go against the management console, or vmkernel?
firewalling - esxcfg-firewall, /etc/sysconfig/iptables - Is there a difference? I have only been using esxcfg-firewall, but know that in normal RedHat boxes it is /etc/sysconfig/iptables. Is there a way to specify which interface you are allowing/not allowing services on?
virtualcenter - Which IP address does virtualcenter connect to? The management console
RCLI console - Which IP address does RCLI console connect to? The management console
ssh - I assume management console? The management console
snmp - Does SNMP go against the management console, or vmkernel? The management console
firewalling - esxcfg-firewall, /etc/sysconfig/iptables - Is there a difference? I have only been using esxcfg-firewall, but know that in normal RedHat boxes it is /etc/sysconfig/iptables. Is there a way to specify which interface you are allowing/not allowing services on?
You should use the esxcfg-firewall. This command is designed to be used with the vmkernel and not just the management console.
Quick rundown -- The vmkernel port is used for vMotion and for iSCSI. FYI, authentication for the vmkernel port when using the port to connect to iSCSI still uses the management console for authentication.