Solved: VM networking on vSphere ESXi 7.0.0

krisjinka · ‎04-20-2020

Hello,

I am new to VMware vSphere ESXi. I have deployed ESXi on a server. After this, This uses Management network and has 2 uplink network adaptors. I have also enabled. the following on the vSwitch (saw on post that this could help). Assigned static ip address to this server.

Security policy

Allow promiscuous mode

Yes

Allow forged transmits

Yes

Allow MAC changes

Yes

How to configure the new VM's network such that it is able to ping the ip address outside this ESXi host. Currently my DNS server outside of this VM is not reachable from this VM.

I have installed this VM so that I can use this as a client VM to trigger the installation of VCenter Server Appliance.

Since I am new to this VMware, I did not understand how to properly configure the network on this VM. I have configured with the static ip, gateway, DNS, subnet mask.

However,what is needed to make this VM reach outside of this Host ?

Any suggestions is much appreciated !

Thanks !

IRIX201110141 · ‎04-21-2020

First.... please set promiscuous, forged, MAC changes back to disable/no. You have to change it only if you have very special requirements.

About vNetworking in ESXi.... most of the "beginners" think to complicated because its more simple than they thought. The ESXi it self need one IP for its own(management) and thats it. (we think simple here).

The (basic) ESXi dont have to provide IPs for your VMs and have nothing to do with routing, firewall and so on. What you have to configure is the "way" of the Network traffic flows trough the ESX/phys. hardware. They use some abstraction layers like Portgroup, vSwitch, Uplink so that a change of a phys. pNIC doesnt effect the configuration on the VM or GuestOS it self. As a bonus you can add features like traffic shapping or some simple security features like the MAC changes and so on. Again.... no IPs are involved.

Can you "ping" your vCenter VCSA? If so than you have a working VM Network portgroup already in place. If your other VMs Network have to use the same "path" as the VCSA than placing this VMs in the same Portgroup is ok.

Verify which vNIC you have assigned to the VM and that you have tick the "connected" checkbox
The VMXNET3 vNIC needs driver support from the GuestOS . So check your linux distri. Otherwise use e1000(e)
All GuestOS have an Firewall actvive so incomming ICMP Echo is blocked by default. If the GW normaly answered to ping it should also be pingable from your VM

If the Portgroup/vSwitch have a uplink group with 2 or more active VMNICs be sure that all pSwitch ports are configured equally (VLAN, MTU).

In most cases its always a problem with inside the GuestOS.

After you get your problem solved take a look to The Great vSwitch Debate – Part 1 | Ken's Virtual Reality

Regards,

Joerg

View solution in original post

scott28tt · ‎04-21-2020

The default post-installation network configuration should usually give VMs network connectivity.

vSwitch0 will use a vmnic physical NIC port as an uplink, and on the vSwitch there will be a port group called VM Network that you can connect the network adapters of VMs to.

So as long as your VM can be on the same L2/L3 network as your management connection (at least to begin with) you should be good to go.

I suggest posting screenshots of your vSwitch setup (the parts I’ve mentioned above)

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

krisjinka · ‎04-21-2020

Thank you for your response. Please find the vswitch configuration attached.

< Something is preventing attachment of .png files. not sure if that is because i am behind company firewall. >

vswitch consists of

. VM Network

... This contains the VM i am talking about . Using default vlan id 0

. Management Network

... Using default vlan id 0

... VMKernel ports(1)

... vmk0 : <ip>

Physical adaptors

.. contains 2 nic adaptors

Vswitch contains 2 port groups : vm network and Management network.

Ubuntu VM I have created belongs to vm network port group.

scott28tt · ‎04-21-2020

And how does the IP configuration of the NIC inside your VM compare to that of vmk0?

They're on the same L2 network, so should also be on the same IP subnet.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

krisjinka · ‎04-21-2020

vSwitch topology

VM Network

VLAN ID: 0

Virtual Machines (3)

ubuntu1.esxi1.dso

MAC Address 00:0c:29:31:79:fd

rhel1

MAC Address 00:0c:29:89:05:f2

Embedded-vCenter-Server-Appliance

MAC Address 00:0c:29:4b:44:6f

Management Network

VLAN ID: 0

VMkernel ports (1)

vmk0: 10.251.205.18

Physical adapters

vmnic3 , 1000 Mbps, Full

vmnic2 , 1000 Mbps, Full

Only management network contains the vmk0. And the virtual machines does not have vm kernel nics. Ubuntu is configured with the ip such as 10.251.205.114 and i am expecting Ubuntu to reach the gateway 10.251.205.1

Based on your comment, I think Ubuntu should have its own VMKernel Nic and I should configure this public ip address on the vmk . So, i should create vmk1 and configure it with this ip and subnet.

In that case, I have move Ubuntu out of the "VM Network" and create a new port group ?

This part I am confused.

scott28tt · ‎04-21-2020

vmk interfaces are the network adapters of the vmkernel of ESXi, they're the equivalent of a network adapter that you give to a VM when you create it.

VMs do not have and do no need vmk interfaces.

"Management Network" is the port group name for your vmk interface, while "VM Network" is the port group for your VM network adapters - a port group can only be 1 or the other of those 2 things, not both.

The network setup you have posted so far seems like it should work - your Ubuntu VM is on the same L2 and L3 network as your vmk interface, so you should be able to ping from inside the Ubuntu VM to the IP of vmk0, and both ESXi and your Ubuntu VM should be able to ping your gateway address so long as all is well on the physical adapters and the physical switch ports you have them cabled into.

Why did you allow promiscuous mode? That's usually only required when you're doing network monitoring or deliberate MAC spoofing inside a VM.

Do you have a firewall inside Ubuntu which might be getting in the way?

Done any testing from inside your RHEL VM?

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

IRIX201110141 · ‎04-21-2020

First.... please set promiscuous, forged, MAC changes back to disable/no. You have to change it only if you have very special requirements.

About vNetworking in ESXi.... most of the "beginners" think to complicated because its more simple than they thought. The ESXi it self need one IP for its own(management) and thats it. (we think simple here).

The (basic) ESXi dont have to provide IPs for your VMs and have nothing to do with routing, firewall and so on. What you have to configure is the "way" of the Network traffic flows trough the ESX/phys. hardware. They use some abstraction layers like Portgroup, vSwitch, Uplink so that a change of a phys. pNIC doesnt effect the configuration on the VM or GuestOS it self. As a bonus you can add features like traffic shapping or some simple security features like the MAC changes and so on. Again.... no IPs are involved.

Can you "ping" your vCenter VCSA? If so than you have a working VM Network portgroup already in place. If your other VMs Network have to use the same "path" as the VCSA than placing this VMs in the same Portgroup is ok.

Verify which vNIC you have assigned to the VM and that you have tick the "connected" checkbox
The VMXNET3 vNIC needs driver support from the GuestOS . So check your linux distri. Otherwise use e1000(e)
All GuestOS have an Firewall actvive so incomming ICMP Echo is blocked by default. If the GW normaly answered to ping it should also be pingable from your VM

If the Portgroup/vSwitch have a uplink group with 2 or more active VMNICs be sure that all pSwitch ports are configured equally (VLAN, MTU).

In most cases its always a problem with inside the GuestOS.

After you get your problem solved take a look to The Great vSwitch Debate – Part 1 | Ken's Virtual Reality

Regards,

Joerg

krisjinka · ‎04-22-2020

Thank you all for your help and explaining me the VMware networking related concepts. I think it was very helpful. And as you described., it was indeed very simple and the whole time the issue was the public IP address i was assigned had been blocked by the DC admin at the switch level. And hence when i assign the public ip address to the VM created inside ESXi host, it would not ping the gateway.

I found out this problem, when try to assign the new IP to ESXi host instead to check whether the IP itself has access to gateway or not. By going to the iLO of the server, changed the ip4 address of the ESXi host and used the 'Test management interface' to ping, the gateway and DNS server. AT this time, found the issue.

Thanks a lot for your help !

krisjinka · ‎04-22-2020

Thank you for your explanation. The VM is now able to ping gateway and DNS server and vCenter is successfully installed.