Service console and VM kernel port group Question

Similar Questions

• separate the vlan for the service console and vkernel

  Hi all

  I need to restructure my environment uat and dev, keeping both under vcenter even. I run the machine with 4 NICs (currently using 2 each for sc + vk & vm port with eather channel gp). The reason behind this is that we have stored separately (using nfs) in uat and dev segment to be used by the servers (virtual and physical) in the respective segment. I'll take 2 clusters as uat and dev. wanted to help the same regardeing

  • wanted to know if I can get my service console and vmkernel running on VLANs separate as shown below
    • UAT cluster
      • SC - 10.10.11.x
      • VK - 10.10.12.x
    • dev cluster
      • SC - 10.10.11.x
      • VK - 10.10.50.x

  kindly let me know for further information on above, any other suggestion on above will be useful

  Yes your SC and VMkernel networks running on different VLANS will work - it is a best practice.

• Change the id vlan of the Service Console and now can't connect

  Hello

  My ESX 3.5 server was with a Service Console PG and a PG VMotion on vSwitch0. There are 2 physical NIC assigned to the vSwitch, which are transmitted to the 2 physical network switches.

  Guys id assigned netoeking vlan 200 to 2 ports on the 2 natachasery physical switches is connected. In the VI client, if I change the properties of vSwitch0-> Console of Service and the value of the vlan 200, I completely lose connectivity to the host. I can't ping the IP address SC longer. I have a keyboard/screen connected to the host and when I connect to the SC, I can't ping the default gateway of the SC or whatever it is.

  I used esxcfg-vswitch to set of the SC vlan id 0 (all) and bingo!, I can speak to the host again and he can talk. The network guys arrure me, they put the vlan id = 200 on the OK physical switch ports. So what goes wrong?

  FWIW, we also have an ESX4 from same host configured the host to 3.5 and it communicates very well. It's the SC a vlan = 200 and issued for the same physical switches.

  George.

  the switch port config are not the same between the hosts of working and non-working.  See http://kb.vmware.com/kb/1003806 for example config

• Need a script to create standard vSwitch with virtual and several computer port group VLAN

  I want to create standard vSwitch for all hosts in the cluster for virtual machine port group and add one or more groups of ports VLAN for the same standard vswitch.

  Kind regards

  Shan

  Try something like this

  $clusterName = "mycluster.

  $nics = "vmnic0", "vmnic1.

  $vlans = 123456789

  foreach ($esx in (Get-Cluster-name $clusterName |)) Get - VMHost)) {}

  $sw = New - VirtualSwitch - name swX - VMHost $esx - Nic $nics - confirm: $false

  $vlans | %{

  New-VirtualPortGroup-name "PG $($_)" - VLanId $_ - VirtualSwitch $sw - confirm: $false

  }

  }

• Stop the Service Console and shell scripts

  Now that VMware announced ESX 4.1 is their last hypervisor with a service console, I was wondering-

  What are the options to make what is now a large number of Linux shell scripts perform the same functions on ESXi - i.e. PowerCLI, Host Profiles, etc. and how long we have until officially support chips for the ESX service console?

  Thank you

  PowerCLI does not rely on a service console. However, you must have paid the ESXi version for them to work.  With respect to the profiles of the host, which is a characteristic of vCenter and has more no dependencies on the COS.  You can start watching to convert all of your shell scripts PowerCLI and use scripts.

  What about when VMware will stop support for ESX, I do not anticipate happening any time soon.

• Update IP addresses: Service Console and VMKernel

  At one point, I went off my standard to apply IP addresses to the host ESX (esx 4). I want to update these IP addresses to reflect the appropriate settings. I need to change the IP address and the address of vmkernal. Subnets will stay the same, but the address themselves will change. Is this safe to do? I'll be able to migrate the computers out of guests and hosts in maintenance modes if necessary.

  See here, but make the changes at the level of the console.

  http://KB.VMware.com/kb/4309499

• ESX 3.5 Service Console ARP breaks

  We have a machine in our cluster running ESX 3.5.0 build 163429.

  According to vCenter, the Mac address of the console vmk0 service is 00:50:56:7 C: 30:84.

  If I connect via ssh and do/sbin/ifconfig vswif0, I get 00:50:56:40:95:A1.

  We have a Nagios server that pings the Service Console once per minute under its health check.

  Every twenty minutes, we get on the monitor like this server log entries:

  oct 6 17:11:06 monitor kernel: arp: 192.168.1.123 left 00:50:56:40:95:a1 for 00:50:56:7 c: 30:84 on 1 ' IME

  oct 6 17:11:06 monitor kernel: arp: 192.168.1.123 left 00:50:56:7 c: 30:84 to 00:50:56:40:95:a1 on 1 ' IME

  oct 6 17:31:08 followed kernel: arp: 192.168.1.123 left 00:50:56:40:95:a1 for 00:50:56:7 c: 30:84 on 1 ' IME

  oct 6 17:31:08 followed kernel: arp: 192.168.1.123 left 00:50:56:7 c: 30:84 to 00:50:56:40:95:a1 on 1 ' IME

  6 oct 17:51:09 monitor kernel: arp: 192.168.1.123 left 00:50:56:40:95:a1 for 00:50:56:7 c: 30:84 on 1 ' IME

  6 oct 17:51:09 monitor kernel: arp: 192.168.1.123 left 00:50:56:7 c: 30:84 to 00:50:56:40:95:a1 on 1 ' IME

  6 Oct 18:11:10 monitor kernel: arp: 192.168.1.123 left 00:50:56:40:95:a1 for 00:50:56:7 c: 30:84 on 1 ' IME

  6 Oct 18:11:10 monitor kernel: arp: 192.168.1.123 left 00:50:56:7 c: 30:84 to 00:50:56:40:95:a1 on 1 ' IME

  Does anyone have an idea of what might be happening here?  It seems just as strange and undesirable behavior.

  Thanks for your suggestions!

  OK, now I'm wondering why you have a vmkernel port named "Service Console" and a vswif port named "Service Console".  In classic ESX and ESXi not, your vmk0 port is not used by the Console of your Service, your port of vswif is, that's why you get arp updates, change the Mac.  You have actually added a duplicate IP address.  Here is my config.  You will see that there is no port vmkernel in use.  If you use this second IP for vmotion, then you need a different IP address for this portgroup.

  # vmware - v

  VMware ESX 4.0.0 build-171294

  # esxcfg - vswif - l

  Port Group/DVPort IP IP family name address Netmask Broadcast Enabled TYPE

  Service Console IPv4 10.x.x.x 255.255.255.0 vswif0 real 10.x.x.x STATIC

  # esxcfg - vmknic - l

  Interface Port Group/DVPort IP IP family address Netmask Broadcast MAC address MTU TSO MSS active Type

  -KjB

  VMware vExpert

  Don't forget to leave some points for messages useful/correct.

• Newbie question: accessibility vs. insulation Service Console

  Hi all

  I wonder what people do in practice to balance isolate the service console/vCenter to be able to access essential services (updates, NTP, etc.) and to administer the host and vCenter.

  Quick reminder:

  Local government, not a department store. Just is about to go into production with ESX3.5/VC2.5, have licenses for the VDI which is one of the reasons why I'm not starting with v4. Had ESX in test for about a year.

  Network is a bit sophisticated, equipment Alcatel, can do VLAN etc., but managed by one other team so I didn't know very well how it can or can not do access control.

  Firewall is on the periphery of the network only; an inter - VLAN firewall or an ISA Server would be new for me, and probably ask a negotiation.

  Because I'm not quite yet in production, I know that my best chance now is to configure the network according to best practices. I have read the Security Hardening Guide, now I'm hoping to get some opinions 'the street '. Should I go the distance and set up a firewall, or can configure us a VLAN enough tight to be a good (if the second best) choice? What are the trade-offs of usability? How do you get updates if you do not connect that network to the Internet? All the creative solutions out there for the budget conscious?

  Thanks for your help,

  Jenna Flanagan

  City of Belmont COMPUTER service

  The service console is often regarded as the "keys to the Kingdom", if it is compromised, you have access to all the guests running.  the hardening guide is a very good starting point, an internal firewall would be a very good option there are several out there that are safe, but have a low learning curve, ISA is one, but there so smoothwall.

  However that said, even VLAN even though they are not considered as a security mechanism, should be used to separate your traffic, more important still is to separate traffic flows.  Make sure that your Service console and VMKernel traffic are separated from your Production comments traffic, this may be at the lowest level by exchanges and VLANs (not particularly sure, but better than nothing), moving to separate from Teddy and vSwitches and finally a game completely separated from pSwitches in order to guarantee a circulation independent flow (very safe but also very expensive.

  How many bears will you have in the comments. We're crazy.  with as little as 4 pNiICs you can start the design with real security in mind.

  vmnic0 + vmnic2-> traffic Service Console and VMKernel

  vmnic1 + vmnic3-> traffic Production comments.

  Very good Ed Haletky (Texiwill) reading series on the placement of NIC in design found here

  Now you are aware that the view output 4 is just around the corner, (guesstimated release date: mid November) this would introduce you to all the benefits of vSphere and use of VDI.  just a thought

  If you have found this device or any other answer useful please consider useful or correct buttons using attribute points

  Tom Howarth VCP / vExpert

  VMware communities user moderator

  Blog: www.planetvm.net

  Writer on "[vSphere of VMware and Virtual Infrastructure Security: securing ESX and virtual environment | ]. "[http://www.Amazon.co.uk/VMware-vSphere-Virtual-Infrastructure-Security/DP/0137158009/ref=sr_1_1?ie=UTF8&s=Books&qid=1256146240&SR=1-1].

• VMKernel port group

  Here is the configuration of the network of one of our hosts ESX 4.1:

  (1) the virtual computer network

  (2) Service with 1 IP console

  (3) VMKernel with 1 IP for vMotion and iSCSI, called as VMKernel_iSCI

  I can see there are 4 NICs attached to this host.

  Now, I just know, that same using iSCSI and vMotion VMKernel is not a good practice.

  question 1

  So I would like to know how is the mapping of the ESX host's network. Is this;

  1 NETWORK card = 1 VM Network

  1 NETWORK card = 1 Service Console

  1 card NETWORK = 1 which is currently used for iscsi and vmotion VMKernel port group

  In a standard switch, there are 2 network cards configured.

  2nd question

  I want to delete 1 port VMKernal vmotion (VMKernel_iSCI) and create a dedicated for vmotion.

  I know that I have will require another IP address, but what of NIC, it will be;

  1 NETWORK card = VMKernel_iSCSI

  1 NETWORK card = VMKernel_vMotion

  Please explain.

  Thank you

  Mihir

  From a pure technical point of view, it will work, as long as your network is configured properly (i.e. taking advantage of VLAN and the separate subnets on management, vMotion and iSCSI). However, I am worried about the bandwidth and quarrels with such a configuration.

  BTW. except if you've already seen it, I would recommend that you take a look at http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf

  André

• Failed to create the Service Console

  Hello

  Anyone could answer this, why I can't create service console? For some reason, the service console did not appear as an option in the Network Setup Wizard dialog box. Any clue?

  Thank you

  You use ESXi.

  It is not a service console, and it is not a service console port.

  You manage ESXi using a vmkernel interface.

  André

• IPv6 can not ping 2nd service console

  I configured a new vswitch with a service console and a vmkernel to use IPv6 and IPv4.

  I can ping to the service console and vmkernel IPv4 address. But I can only ping the service console IPv4 address.

  Why something like that happens? I checked to see if it was a duplicate address, and he wasn't.

  Thank you

  Is it using vSphere4?  There is no requirement for the ports of service console to use iSCSI, now.

  Can you provide the output of esxcfg-vswitch - and esxcfg-vmknic - l that I can see what looks like your network config?

  In addition, you will be able to ping the ESX storage use the command vmkping?

  If you are able to ping both directions, getting newspapers in storage and the ESX host around time of discovery would be the next piece of useful information.

  Thank you

  Andy

• Set up a VLAN tagging for service without interruption of network service console

  I currently have an ESX Server that has vSwitch with a single NETWORK card for the console service with no trunking VLAN.  The vmkernel is a separate vSwitch also with a single network ADAPTER with no trunking VLAN, but in one VLAN separate from the NIC service console I would like to group the virtual physical switches in a single vSwitch, trunking 2 network cards and marking management.  Is there a way to do it without causing a failure of service console; that is, a PuTTY session distance?

  Well you can work it so that the spare IP is not used for a long time.

• How to access the ESX service console

  Hi all.

  I'm a TV engineer trying to solve a problem of network with our equipment. I'm not a network engineer.

  I'm trying to follow the VMWareKB: "Troubleshooting connection problems network using the Protocol ARP (Address Resolution)" I'm just trying to check the ARP table exists on our ESX Server and has some entries.

  KB said running 'arp - a' for a list of the ARP table.

  To do this, I need to open a service console. I have now read articles 3 or 4 on the use of the Service Console but I am still unable to open it to run the command. I do not understand what I am doing wrong, I am incredibly stupid or miss me something completely.

  An article said, press 'Alt F1"exactly where I am doing this? A virtual machine is connected to the ESX? An article said "to VIM summary screen' I tried logging on the virtual machine and point a web browser on the server, I get a screen of welcome of ESX with link"Connecting to Web Access", when I click on it I get"Internet Explorer Can t Open The Web page.

  I had a look at VIM, I can see the details of the Vswitch network on the configuration page, including the IP address of the console service. Can't see how to open a service console. VIM of pointing at the address for service console is unable to do anything.

  I just need to know how to open the Service console and check the tables of ARP based on the KB.

  Please dumb down of your responses to me!

  The fundamental problem is about some units of electric distribution that we use to power the equipment in the racks. They have a network connection which we track using Virtual Machines to the report of a third person of monitoring and control software. The virtual machines are running alarm software driver used to report to the third party. The virtual machine is on a blade server.

  We have a problem where a unit of the IML has been replaced but configured with incorrect default gateway address. In the hours to do so, the monitoring and control software lost connection to ILM and one by one, all units of the IML began to send the ARP requests - "who has 10.172.248.254'.

  Finally, the MDU constantly send ARP requests and the MDU have lost connectivity to the virtual computer. If we open the VM machine, follow up and a MUD, the ping command ping fails, if we put a laptop in place an ILM and ping the machine VM, the ping works fine.

  If power us off/on the ILM voltage they are good, but we are a 24/7 operation and power cycling the MDU is considered risky.

  We have had this problem before and the only solution was to rebuild the virtual machine and assign all MDU to a new network address.

  All switches ILM is connected (foundry Falstron GS) have been verified by the support of our network guys and we are told are all good. The blade server hosts about 20 VM and they work just fine from other systems SNMP traffic monitoring.

  If anyone has any ideas I'm all ears.

  Hello

  As stated, the console is the administration interface that you can use directly on the hardware. It is not a VM (as such) that connect you with the standard management GUI. You can SSH in the network or you can be "physically connected" as you say (I would use HP SIM or the ILO to connect directly to the blade). Once you have that screen upward, press 'Alt + F1' and you connect. Then you should be able to follow the KB to check the ARP table.

  See you soon,.

• ESXi does not service console?

  Hi all

  According to this http://hyperinfo.wordpress.com/2008/09/05/vmware-esx-and-esxi-comparison/

  He said that only ESX service console and ESXi is not everything and must use RCLI.

  But, isn't this console we receive from: F2 & gt; not taken into care & gt; root password, is a service console, which even we can ssh in?

  Thank you

  ESXi "console" is there as a back door so to speak to support problems that cannot be solved with vSphere client, vCLI or DCUI.   The notable difference with the ESX console is that the ESXi console is not supported for daily use.  Also, it is not audited as this is the console for ESX.  See article 1003677 for more information.

  Dave

  VMware communities user moderator

  New book in town - Start Guide quick vSphere -http://www.yellow-bricks.com/2009/08/12/new-book-in-town-vsphere-quick-start-guide/.

  You have a system or a PCI with VMDirectPath?  Submit your specifications to the unofficial VMDirectPath HCL - http://www.vm-help.com/forum/viewforum.php?f=21.

• ESX 3.5: copy files using the service console from a network share to the esx host data store

  Hello

  I wonder. Is there a command that I can run the service console that would allow me to copy a file from a network share on the data store on the esx host?

  Eric

  If sharing is a Windows, you can also use smbclient within the service console and ride sharing.

  André

  * If you found this device or any other answer useful please consider awarding points for correct or helpful answers