Help with configuring a vSwitch on ESXi

mishy Member Posts: 209
I have an ESXi server that I am using for my home lab, and what I am trying to do is to have my external devices on the 192.168.0.1-254 network and then my lab can be on 10.0.0.0-254 or even on 192.168.2.1-254. I only have one NIC but can invest in another NIC if that is the quickest/easiest solution to my problem, but I am not ready to invest in another physical switch due to shortage of space and power sockets.

I have tried adding another VMkernel port on my vSwitch0 and configured it with an IP address and subnet mask different to my home network but with the default gateway on my wireless router. The devices can ping each other but they cannot go on the internet. I think also there is not much configuration I can do on the vSwitch0 since it is the default switch and any tampering I do might prevent me from accessing the ESXi host. When I add another vSwitch without an additional NIC card it does not allow for internet access.

How can I add another vNIC/VMkernel/vSwitch that I can assign a different IP range and subnet mask to that of my home network? Others have suggested a virtual switch appliance but I do not have the knowledge of configuring one, and the learning curve of setting up one diverts me from my immediate goal.

Comments

  • jmritenour Member Posts: 565
    First of all, understand that vSwitches operate at layer two - they are mostly unaware of IP addresses. A VMKernel port only allows for certain types of communication at the hypervisor level, like management, IP based storage, or vMotion. VMs cannot communicate on a VMKernel port, or use it for routing purposes.

    Virtual Machine port groups allow VMs to communicate with each other as if they were in the same broadcast domain - not quite the same, but the same principle. Now, you can assign any private IP you want to the VMs, it is completely unrelated to any IPs you are using for VMKernel port groups. You could just put them on a completely different subnet, then connect to the VMs using the vSphere client without any issue.

    Now, assuming you want a setup where you can RDP/SSH into the VMs without using the vSphere client, what you would want to do is create a second Virtual Machine port group, then create a VM with a NIC for each of the virtual machine port groups. You'll configure one to connect to your physical network, with an IP address you can reach from your workstation. Then configure the second NIC with an IP in a different subnet. Install some type of routing program/service, and configure all of your VMs to route to that VM. Then, set a static route to the VM network using the IP from your physical network assigned to that VM on your workstation, and you should be able to reach all the VMs from your workstation with their native remote access protocol.
    "Start by doing what is necessary, then do what is possible; suddenly, you are doing the impossible." - St. Francis of Assisi
  • jibbajabba Member Posts: 4,317
    No need for a VMKernel port unless you need to have the "management" accessible from multiple networks.

    Here's an example from my single-NIC ESXi server

    faza0h.jpg

    As you can see - you can have virtual switches without even having an adapter assigned to them, but you knew about this already. This way the "lan" is isolated. If your VMs need to go "out" - VMs attached to the internal switch only - then you will need to find a way of routing. As you found out - the VMs won't have internet connection without any routing.

    In my case I am using "SmoothWall" - but any routing would do - Linux with IPTables or Windows RRAS or any other free distribution ..

    Or forget all about that and simply attach VMs with different IP ranges to the same NIC and don't bother with isolation. If your router is able to have two LAN ranges, it should just work.

    For example, my old Draytek had two LAN ranges, 192.168.1.x and 192.168.2.x so I could configure VMs in either range and it just "worked" (might have needed a static route on the router - can't remember).
    My own knowledge base made public: http://open902.com :p
  • mishy Member Posts: 209
    Thanks jmritenour and jibbajabba, both your replies have given me a better understanding of what is happening. @jibbajabba I have noticed you have 2 Smoothwall VMs. Will I require both if I was to try to copy your setup, and are your VMs on vSwitch1 able to access the internet using the Smoothwalls to connect to the internet?
  • jibbajabba Member Posts: 4,317
    I do not have two VMs - it is a single VM with two network cards on either switch (as it needs to be in both networks in order to route). One network card connects to the external network (in my case 192.168.13.x) and "internal" to the internal network on whatever IP I choose ...

    2s9y6w6.jpg

    By the way - Smoothwall is a bit unintuitive (to me anyway). Personally I think the easiest distro to set up and get routing working in next to no time is ClearOS

    ClearOS | Downloads | Software

    I'd download just the ISO though, rather than the virtual appliance - had a few issues with the latter but the installation is straightforward.
    My own knowledge base made public: http://open902.com :p
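
The layout described in the replies above (an uplink-less internal vSwitch, plus one router VM with a NIC on each switch) can be sketched with a plain Linux router instead of Smoothwall or ClearOS. This is an added example, not code posted in the thread; the names `vSwitch1` and `Lab`, the interfaces `eth0`/`eth1` and the 10.0.0.0/24 lab subnet are assumptions. It prints the commands by default and only executes them with `APPLY=1`.

```shell
#!/bin/sh
# Added example (not from the thread). Dry-run unless APPLY=1 is set.
# Assumed: router VM eth0 = home side (vSwitch0), eth1 = lab side (vSwitch1).

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# ESXi shell: internal vSwitch with no physical uplink, plus a VM port group.
esxi_lab_switch() {
    vswitch=$1 portgroup=$2
    run esxcli network vswitch standard add --vswitch-name="$vswitch"
    run esxcli network vswitch standard portgroup add \
        --portgroup-name="$portgroup" --vswitch-name="$vswitch"
}

# Linux router VM: NAT lab traffic to the internet, keep it off the home LAN.
# Lab VMs use the router VM's eth1 address as their default gateway and need a
# DNS resolver outside home_net, since traffic to home_net is dropped.
router_nat() {
    wan_if=$1 lab_if=$2 lab_net=$3 home_net=$4
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Order matters: block lab -> home LAN before the general outbound accept.
    run iptables -A FORWARD -i "$lab_if" -d "$home_net" -j DROP
    run iptables -A FORWARD -i "$lab_if" -o "$wan_if" -s "$lab_net" -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$lab_net" -o "$wan_if" -j MASQUERADE
}

# Router VM: let one workstation on the home LAN open SSH/RDP into the lab.
router_allow_admin() {
    wan_if=$1 lab_if=$2 admin_ip=$3 lab_net=$4
    run iptables -A FORWARD -i "$wan_if" -o "$lab_if" -s "$admin_ip" \
        -d "$lab_net" -p tcp -m multiport --dports 22,3389 -j ACCEPT
}

# Linux workstation: static route to the lab via the router VM's home-side IP.
workstation_route() {
    lab_net=$1 router_home_ip=$2
    run ip route add "$lab_net" via "$router_home_ip"
}

# Constructed sample addressing; prints the full plan when run as-is.
esxi_lab_switch vSwitch1 Lab
router_nat eth0 eth1 10.0.0.0/24 192.168.0.0/24
router_allow_admin eth0 eth1 192.168.0.10 10.0.0.0/24
workstation_route 10.0.0.0/24 192.168.0.50
```

Each function runs on a different machine (ESXi host, router VM, workstation), and the iptables rules do not persist across a reboot unless saved with the distribution's own mechanism.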
  • mishy Member Posts: 209
    jibbajabba wrote: »
    By the way - Smoothwall is a bit unintuitive (to me anyway). Personally I think the easiest distro to set up and get routing working in next to no time is ClearOS

    Thanks, I have had a look at ClearOS and will play around with it when I get home today. Thanks for the help