Date:      Tue, 14 Aug 2018 13:04:39 +0200
From:      "Patrick M. Hausen" <hausen@punkt.de>
To:        freebsd-net@freebsd.org
Subject:   Running bridged interfaces inside VMware ESXi
Message-ID:  <23E68056-5CD3-4FDD-BCB5-C689A9D12AFF@punkt.de>

Hi all,

I'm trying to deploy our "proServer" setup inside a VM that is
unfortunately not controlled by us.

Problem is that I can connect to and ping the host (i.e. FreeBSD running
in the hypervisor VM), but network connectivity to a jail using VIMAGE
and a bridged interface with iocage is enervatingly flaky without a
clearly visible pattern - at least to me.

The VMware port group has forged transmits, MAC address changes and
promiscuous mode in the guest allowed, of course.

Symptoms are:

* Jail booted - not reachable from the outside
* Iocage console into the jail, ping system at some remote location -
  works
* While that ping is running, connections from the outside *somewhat*
  work
* Up to the point where you can SSH into the jail, but then suddenly
  packets are dropped again

The admin of the central (Cisco ASA) firewall at the remote site was
so cooperative as to open my host (VM) and the jail transparently and
disable (so he said) all IDS/IPS/deep-whatever functions for my two
target addresses.

I suspect problems with ARP (all IPv4 over there :-/), but I can only
tcpdump inside my VM, no access to a packet trace on the wire.

We have that very same setup running in VMware in various environments.
Some even maintained by someone else just like in this case.
This is the first one not "just working". VMware multipathing getting in
the way?

I think I know my way around these issues quite well, so I'm rather
puzzled now, and I start to think I'm missing something "too obvious".
Has anybody ever seen a problem like this? I'm simply running out of
ideas at the moment ...

Thanks,
Patrick
-- 
punkt.de GmbH			Internet - Dienstleistungen - Beratung
Kaiserallee 13a			Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe			info@punkt.de	http://punkt.de
AG Mannheim 108285		Gf: Juergen Egeling



