VMware Cloud Community
lorimer
Contributor
Contributor
‎01-05-2009 04:21 PM
Jump to solution

vmkernel IP address

I am trying to wrap my head around vmkernel networking. I have a kickstart for installations. I run it, it sets up the Management Console IP address. I can view this with:

# ifconfig vswif0

vswif0 Link encap:Ethernet HWaddr 00:50:56:44:FA:12

inet addr:172.17.108.145 Bcast:172.17.109.255 Mask:255.255.254.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:46747952 errors:0 dropped:0 overruns:0 frame:0

TX packets:52307477 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:3846385535 (3668.1 Mb) TX bytes:2908183422 (2773.4 Mb)

Nowhere in my script is vmkernel networking setup. Somewhere in the process though, I am assuming, it probes for an unused private network range, and creates an IP on the appropriate interface. I am basing this on the output of this command:

# esxcfg-vmknic -l

Interface Port Group IP Address Netmask Broadcast MAC Address MTU TSO MSS Enabled

vmk0 VMotion Network 192.168.24.1 255.255.255.0 192.168.24.255 00:50:56:7c:09:a8 1500 40960 true

Where in the process does this auto-generation happen? I have another cluster I built with the same kickstart file, that has

been aded to a different virtualcenter instance. I haven't completely

finished that cluster yet. This leads me to believe that the IP is

generated when I configure for HA. Is there a way to specify which range to choose from (ie: tell it to use 10.0.0.0/24)? Is this address hard coded or is it dynamic at boot time? I assume also, that if I change my kickstart to specify a vmkernel IP address, then when I configure for HA, it will check if that is functional (can talk to other nodes), and if yes, move on (not generating a new address). Is this all correct?

Tags (3)
0 Kudos
1 Solution

Accepted Solutions
sbeaver
Leadership
Leadership
‎01-06-2009 02:00 PM
Jump to solution

virtualcenter - Which IP address does virtualcenter connect to? The management console

RCLI console - Which IP address does RCLI console connect to? The management console

ssh - I assume management console? The management console

snmp - Does SNMP go against the management console, or vmkernel? The management console

firewalling - esxcfg-firewall, /etc/sysconfig/iptables - Is there a difference? I have only been using esxcfg-firewall, but know that in normal RedHat boxes it is /etc/sysconfig/iptables. Is there a way to specify which interface you are allowing/not allowing services on?

You should use the esxcfg-firewall. This command is designed to be used with the vmkernel and not just the management console.

Quick rundown -- The vmkernel port is used for vMotion and for iscsi. FYI authentication for the vmkernel port when using the port to connect to iscsi still uses the management console for authentication

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**

View solution in original post

0 Kudos
4 Replies
sbeaver
Leadership
Leadership
‎01-05-2009 04:35 PM
Jump to solution

Once my build process is complete I have another script that runs on first boot that configures everything else. Below is an example of the part of the script that configures vMotion. $VMIP is predefined as vMotion IP and $VMKGW is vMotion default gateway

setVMotion()

{

echo "Setting up vMotion..." >> /root/PostInstall/PostInstall.log

  1. Setup your VMkernel and Virtual Machine networking:

  2. EXAMPLE: Add VMotion portgroup

#/usr/sbin/esxcfg-vswitch --add --pg=VMotion vSwitch0

#/usr/sbin/esxcfg-vmknic --add --ip %#!computer@lic_os_user% --netmask 255.255.255.0 VMotion

/usr/sbin/esxcfg-vswitch vSwitch0 -A vMotion

/usr/sbin/esxcfg-vswitch vSwitch0 -p vMotion

/usr/sbin/esxcfg-vmknic -a vMotion -i $VMIP -n 255.255.255.0

/usr/sbin/esxcfg-route $VMKGW

service mgmt-vmware restart

sleep 20

  1. vimsh -n -e "/hostsvc/vmotion/vnic_set portgroup4" # Command for 3.0.2 and earlier

  2. vimsh -n -e "/hostsvc/vmotion/vnic_set vmk0" # Used for ESX3.5 and higher

vmware-vim-cmd /hostsvc/vmotion/vnic_set vmk0

}

Steve Beaver

VMware Communities User Moderator

====

Co-Author of "VMware ESX Essentials in the Virtual Data Center"

(ISBN:1420070274) from Auerbach

Come check out my blog:

*Virtualization is a journey, not a project.*

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
lorimer
Contributor
Contributor
‎01-06-2009 01:46 PM
Jump to solution

Thanks for the script sample. I think I have my head wrapped around the differences and how/when to set them. I have a couple follow up questions with regard to service locations etc. I know vmkernel does network based storage.

virtualcenter - Which IP address does virtualcenter connect to?

RCLI console - Which IP address does RCLI console connect to?

ssh - I assume management console?

snmp - Does SNMP go against the management console, or vmkernel?

firewalling - esxcfg-firewall, /etc/sysconfig/iptables - Is there a difference? I have only been using esxcfg-virewall, but know that in normal RedHat boxes it is /etc/sysconfig/iptables. Is there a way to specify which interface you are allowing/not allowing services on?

0 Kudos
sbeaver
Leadership
Leadership
‎01-06-2009 02:00 PM
Jump to solution

virtualcenter - Which IP address does virtualcenter connect to? The management console

RCLI console - Which IP address does RCLI console connect to? The management console

ssh - I assume management console? The management console

snmp - Does SNMP go against the management console, or vmkernel? The management console

firewalling - esxcfg-firewall, /etc/sysconfig/iptables - Is there a difference? I have only been using esxcfg-firewall, but know that in normal RedHat boxes it is /etc/sysconfig/iptables. Is there a way to specify which interface you are allowing/not allowing services on?

You should use the esxcfg-firewall. This command is designed to be used with the vmkernel and not just the management console.

Quick rundown -- The vmkernel port is used for vMotion and for iscsi. FYI authentication for the vmkernel port when using the port to connect to iscsi still uses the management console for authentication

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
0 Kudos
mike_laspina
Champion
Champion
‎01-06-2009 02:07 PM
Jump to solution

Hi,

Yes iptables is the firewall service. Definetly use esxcfg-firewall to edit the tables. It's no walk in the park trying to edit them directly.

http://blog.laspina.ca/ vExpert 2009