VMware ESX and slow syscalls

We have 2 physical machines in the company. Both have the same HW configuration, running the same processor:

Intel(R) Xeon CPU E5420 @ 2.50 GHz

One runs regular Linux, and on the second we run ESX, version 4.

Under ESX we have a Linux guest, which should be almost identical to the Linux on the first machine.

The kernel version is (a little old these days, but necessary because of an old project):

Linux x 2.4.21-53.ELhugemem #1 SMP Wed Nov 14 03:46:17 UTC 2007 i686 i686 i386 GNU/Linux

The problem is that the virtualized Linux runs slower. I have read that the overhead is about 8%, which is something I could live with. But the drop in performance can be seen with the naked eye.

I wrote 2 test programs:

The first just does some significant work in user space (e.g. a giant loop counting numbers). Here, the performance reduction is about 8-10%, which is fine.

The second program does syscalls: "close(0);" in a loop. And that's where it is no longer acceptable:

Linux on real HW:

    % time     seconds  usecs/call     calls    errors syscall
    ------ ----------- ----------- --------- --------- ----------------
     99.65    0.963257          10    100002     99999 close
      0.15    0.001403          33        43        41 open
      0.14    0.001368          34        40        36 stat64
      0.06    0.000566         566         1           execve
      0.00    0.000027           5         5           old_mmap
      0.00    0.000007           4         2           fstat64
      0.00    0.000006           6         1           read
      0.00    0.000006           6         1           munmap
      0.00    0.000004           4         1           uname
      0.00    0.000003           3         1           brk
    ------ ----------- ----------- --------- --------- ----------------
    100.00    0.966647                100097    100076 total

    real 0m4.613s
    user 0m0.760s
    sys  0m3.730s


Linux on ESX:

    Process 14702 detached
    % time     seconds  usecs/call     calls    errors syscall
    ------ ----------- ----------- --------- --------- ----------------
     77.76  17.1206772         182    100002     99999 close
      3.01    0.703602      703602         1           execve
      2.99    0.700382      700382         1           set_thread_area
      2.99    0.700337      700337         1           munmap
      2.99    0.700328      700328         1           uname
      2.99    0.700123      700123         1           read
      2.99    0.700108      700108         1           brk
      2.14    0.500571      100114         5           old_mmap
      1.71    0.400229      200115         2           fstat64
      0.43    0.100360       33453         3         1 open
    ------ ----------- ----------- --------- --------- ----------------
    100.00   23.412812                100018    100000 total

    real 0m48.434s
    user 0m5.410s
    sys  0m40.610s

The machine running on ESX spent 1200% more time doing the same thing.

Any ideas why this happens? It seems that context switching is very expensive for some reason.

You are right that EPT starts with Nehalem; Core 2 has no EPT.

As for your comment

> We run the hugemem kernel because we have more than 4 GB of RAM. Thus, I am thinking of using the hugemem kernel configuration as a base, but switching from the 4g/4g to the 3g/1g split.

Let me first point out that kernels other than hugemem (for example, bigsmp) can handle up to 64 GB of memory, using PAE in 32-bit mode.

Novell has some verbiage here

http://www.Novell.com/coolsolutions/tip/16262.html

that you can use.

I have not personally tried switching hugemem to a 3/1 split (I did not even know it could be done), so I can't say whether this will help or not. But if it doesn't, the bigsmp kernel seems to meet your needs for memory addressability beyond 4 GB (and it is supported by VMware).

Good luck

OLE

Tags: VMware

Similar Questions

  • KB 1008130: VMware ESX and ESXi 3.5 U3 I/O failure on SAN LUN(s) and LUN queue is blocked indefinitely

    Does anyone have more information about the current support alert, "All of you who have upgraded, or are planning to upgrade to, ESX 3.5 Update 3 or ESXi 3.5 Update 3, please read Article 1008130"?

    The KB describes possible symptoms and identifies the affected ESX 3.5 U3 version, but the resolution is a bit vague. I understand they are working on a fix but,

    1. Is it related to a specific build of U3?

    2. Are there precautions that we can take to minimize the risk?

    3. What is the scope? My assumption is not very wide, because 3.5 U3 has been out a while and I know this support alert is recent.

    4. Anyone experience this first hand... at what level... There you said what though it is indicated in the KB?

    I haven't had symptoms on the hosts I have on 3.5 U3, but I planned upgrades for several hosts this weekend and would like to know if I have to go through the painful process of cancelling or rescheduling.

    3.5 has experimental round robin load balancing, but that would not count as a path failover (I don't think).

    You can force the LUN through a certain path; it might take a few attempts on busy LUNs because the load balancing cannot be changed when an I/O is pending (this is how HW iSCSI works).  When you fail switches, that would nevertheless count as a path failover, so I don't know how that comes in re: this issue when no LUN uses this path.

    To be safer, perhaps you could put a hold on:

    • DRS

    • SSH logins

    • Backups

    • Restorations

    • Clones

    • on/off switch

    • etc, etc, etc.

    while the path failovers take place.

    If a path fails on a single host, I would be surprised if it affects other hosts.  Guests will book the file on the VMFS file system when they need to update the metadata or write data, I think that should continue its work.  However, if you take a switch, you may have failures in path on all of your guests...

    Ben

  • Minimum number of VMware ESX for a HA cluster

    Can someone please detail the minimum number of vSphere hosts required for a HA cluster?

    I'm planning an implementation of a VMware farm including a number of ESX hosts that will be split into two groups. The first group will include vSphere servers hosting virtual machines NOT required for DR via SRM. The second group will be VMware ESX hosts and VMs protected by SRM.

    With respect to the SRM cluster, the number of virtual machines is minimal (5-6 virtual machines) and they can run on a single vSphere host. For HA, I will include 2 vSphere hosts in this cluster. My question is therefore whether 2 VMware ESX hosts is OK for a HA cluster, because I'm not sure what the minimum number should be.

    Any guidance is appreciated.

    Thank you

    > Can someone please detail the minimum number of hosts vsphere required for a HA cluster?

    2 guests.

    ---

    MCITP: SA + WILL, VMware vExpert, VCP 3/4

    http://blog.vadmin.ru

  • VMware ESX does not recognize the local RAID volume

    Hi all

    We are running VMware ESX 3.5 Update 3 on a G4 HP Proliant DL 380 with a Raid Smart Array 6i controller (this is our test platform).

    From the VI Client, it is not possible to add a datastore that corresponds to a local 200 GB RAID5 volume.  I can see this disk in the "Storage adapters" section (path: vmhba0:1:0, LUN ID = 0).

    We have updated the firmware on our server. Is there a compatibility problem between VMware ESX and such old hardware?

    Thank you very much in advance for your help

    Connect directly to the server and try to create this VMFS volume?  I noticed on VC 2.5 that whenever I build a server and try this, it does not see the space when I try to add storage.

    Connecting directly to the ESX host with the VI Client works every time...

  • Need help to install Vmware ESXi and ESX 4.1 under VM in VMworkstation 7

    I get an error when trying to install 4.1 ESX and ESXi 4.1 as a VM under VMWorkstation 7.1 running on Windows 7 32 bit AMD Phenom 9500 Quad Core 2.2 ghz with 3gig memory.

    "Any level of support for the microcode for the stepping of the processor of AMD family 10 h B2.

    Can someone guide me on what to do to work around this problem?

    Thank you

    See the article below

    http://KB.VMware.com/kb/1013334

  • ESX and VMware scripting Backend process...

    Hi all

    I look forward to learning about the internal processes that go on behind the scenes within the ESX Server. For example: what does ESX actually do when the user fires the rescan command esxcfg-rescan <vmhba>? Is there any script triggered when this command is fired? And likewise the backend processes for other ESX commands too. I want to update myself on these things. Hope someone here could give me a helping hand.

    Regards

    MRM

    If you are interested in how ESX(i) works and some of its inner workings, you should take a look at some of the architecture documents/charts; these are available from VMworld if you have an account, and the majority should be free for previous years, minus the recent VMworld Europe / U.S.

    Here is another good site for a collection of documents to help: http://vsphere-land.com/top-10-list/top-10-list-index.html

    If you are only interested in some of the esxcfg-* commands, a good way to learn what they are doing and the parts of the system they touch is to download the vCLI/RCLI: http://engineering.ucsb.edu/~duonglt/vmware/#vmware_rcli

    These commands are similar to those on classic ESX, are used to manage/configure both ESX(i) hosts remotely, and use the VI API http://www.vmware.com/support/developer/vc-sdk/visdk25pubs/ReferenceGuide/index.html

    You can open each of these scripts and get a good understanding. Most of the classic esxcfg-* commands are compiled binaries which make internal calls to the system, but some are normal Perl/bash scripts, such as esxcfg-rescan or vmware-cmd, and you can open these and take a look at what they do.

    So it really depends on what you're trying to understand and how deep you want to go.

    I hope that gives you an idea of where to go.

    =========================================================================

    William Lam

    VMware vExpert 2009

    Scripts for VMware ESX/ESXi and resources at: http://engineering.ucsb.edu/~duonglt/vmware/

    repository scripts vGhetto

    http://Twitter.com/lamw

    If you find this information useful, please give points to "correct" or "useful".

  • VMware ESX 3.5 and MSCS

    Hi all

    I noticed in the release notes for ESX 3.5 that MSCS is not supported in this version

    http://www.vmware.com/support/vi3/doc/vi3_esx35_vc25_rel_notes.html (about halfway)

    Is there an official answer as to why it is not supported?  I'm running production systems on 3.0 in this scenario, and I fear that an upgrade will cause problems

    Any help would be appreciated

    MSCS is supported in 3.5 Update 1

    Support for Microsoft Cluster Service (MSCS)

    VMware ESX Server 3.5 Update 1 supports the Microsoft Cluster Service.

    Support is similar to ESX Server 3.0.1 with the following additions:

    - Windows 2003 64-bit and 32-bit guests are supported with MSCS.

    - Boot from SAN for virtual machines using MSCS is now supported.

    - Majority Node Set clusters with application-level replication (for example, Exchange 2007 Cluster Continuous Replication (CCR)) are now supported.

  • VMware ESX 3.5 and disabling cores

    Hi all

    We have a VMware ESX 3.5 U3 cluster that was built for a specific product that has a licensing model that doesn't fit well with the virtual server model.

    The basis of this cluster is 3 x HP BL465c G1 dual core servers with 16 GB of memory each. We're going to run out of memory, and I can't add memory without adding a CPU because of the architecture of AMD processors.

    Adding more CPU will have a big impact on licensing costs - once again, not the VMware licenses.

    What I want to do is add a second DC processor and then use the BIOS to disable half of the cores in each processor.  This will allow me to add an extra 16 GB of memory per server and stay within the limits of the license.

    My question - has anyone disabled cores on a VMware ESX host, specifically after ESX has been installed? Is there anything that needs to be done?

    I tested disabling cores on a Windows Server and it did replace the drivers; I was wondering if VMware ESX needs similar updates / management.

    TIA, Rob.

    You'll be fine, apart from the fact that, by adding the Jepp second you will need an additional CPU, per ESX host licensing doesn't mind.

    If you have found this device or any other answer useful please consider useful or correct buttons using attribute points

    Tom Howarth

    VMware communities user moderator

    Blog: www.planetvm.net

  • PE2950, virtualization and VMware ESX 3.5.2 technology bios setting

    I have a PE2950 with VMware ESX Server 3.5.2 installed.

    Will enabling the "Virtualization Technology" BIOS setting (under CPU Information) cause problems with the operating system? (It was disabled when ESX was installed on it – the default setting.)


  • VMware ESX server CPU use test alarm

    Hi all

    For a new client, I need to show the alarm and ticketing functionality for VMware ESX server logging settings:

    • CPU usage of a VMW ESX server
    • Memory usage of a VMW ESX server

    I reduced the threshold value of VMW ESX Server CPU usage as in the format below:

    WARNING - 5% and STDev.warning - 0

    I made this configuration two days ago, but still no alarm has been generated for this rule.

    Please help with creating a test alarm for the above ESX metric.

    Hi - I ended up having to do such things in the past as well. I just built a virtual machine, added lots of processors and memory, then for the CPU I used the CPUBusy.vbs script from VMware (Google it) and ran it enough times that it began to max out the real physical processors... For memory, I just opened a massive text file in Wordpad and scrolled up and down it. This gave me the conditions to test the alarms; just don't do it at a busy time, or use some dev ESX servers... Danny Bravo

  • 2808 LAG for use with VMware ESXi and Linux collage

    I posted last month about setting up my work servers with LAG groups: http://en.community.dell.com/support-forums/network-switches/f/866/t/19537080.aspx (I'll actually be implementing this Saturday)

    I decided to buy a 2808 so that my ESXi server gets more aggregated connections to my personal Linux iSCSI server, but now I'm worried I might have made a mistake in buying the 2808.

    After looking in the manual, I realized I could have been mistakenly assuming that the 2808 had STP and LACP, as I can't find LACP anywhere in the PDF file. I guess that configuring my Linux machine for 802.3ad is out (I was hoping to use mode 4), so now for my home configuration, I wonder (*1*) how I have to configure my VMware NIC team and what bonding mode I should use on my Linux host? As for the section at the top (my work configuration), (*2*) I don't know what to do about the routing other than leave it as "route based on originating virtual port ID"? (This is how our other data centers are configured, but I'm waiting to hear from my network admin how the ESXi hosts are configured with the port channels on our Cisco switches)

    For home, I want to try to increase the bandwidth by using three NICs in each server. I was hoping that this would work:
    VMware: Route based on IP hash?
    w/Linux: balance-alb?

    -VMware:
    Before you begin:

    -Linux:
    * Descriptions of bonding modes *
    + Mode 0 balance-rr: Round-robin policy: transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

    + Mode 1 active-backup: Active-backup policy: only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (NIC) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

    + Mode 2 balance-xor: XOR policy: transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

    + Mode 3 broadcast: Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

    + Mode 4 802.3ad: IEEE 802.3ad dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Uses all slaves in the active aggregator according to the 802.3ad specification.

    -Prerequisites:
    -1. Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
    -2. A switch that supports IEEE 802.3ad dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

    + Mode 5 balance-tlb: Adaptive transmit load balancing: channel bonding that does not require any special switch support. Outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

    -Prerequisite:
    -1. Ethtool support in the base drivers for retrieving the speed of each slave.

    + Mode 6 balance-alb: Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. Receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond, such that different peers use different hardware addresses for the server.

    The closest Dell topic I found that was useful was: http://en.community.dell.com/techcenter/networking/f/4454/t/19415629.aspx

    My previous post was more concerned with VLAN tagging and spanning tree issues, but now I see I should have worried about LAG groups as well.

    Any help would be appreciated, thanks in advance all :)

    -

    PS. http://i.dell.com/sites/doccontent/shared-content/data-sheets/en/Documents/dell-powerconnect-2800-series-spec_sheet.pdf says that the 2800 series supports LACP, so if I'm worried about nothing on my iSCSI side, please slap me in the face. But I guess even in this case, I'm still not sure how to configure the ESXi host, because it does not support LACP without vSphere and my home configuration is a free version, so I do not have the vSphere web management needed to enable the LACP change.

    Not sure if it is of any use: Sample configuration of EtherChannel / Link Aggregation Control Protocol (LACP) with ESXi/ESX and Cisco/HP switches (1004048), but that's what I was basing the choice of IP hash on.

    It must have layer 3 support to do IP hash; IP addressing is a layer 3 technology, so a 6200 series or higher or the soon to be released N3000 series.

  • Cisco Secure ACS 4.2 on VMware ESX 4.0.

    We must move from ESX 3.5 to ESX 4.0 a virtual machine running Cisco Secure ACS for Windows version 4.2.

    This solution is compatible and supported by Cisco?

    Thank you.

    Andrea

    ACS Windows 4.2 is not supported by Cisco, when installed on VMWare ESX 4.0 in accordance with the following documentation:

    http://Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/device/guide/sdt42.html#wp37898

    Only ACS 5.1 is supported on ESX 4.0:

    http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_vmware.html

  • What is the best for VMware esx 4.0

    If I understand correctly, 4.2.1 for Windows only supports VMware ESX 3.0? Does ACS 5.0 support VMware ESX 4.0? Or is it a solution Manually application compete with hardware?

    Pls help?

    5.1 of the ACS is FCS and running on ESX 4.0

    See http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_vmware.html

  • How do you know what was the latest patch installed on VMware ESX Server 3i, 3.5.0 207095

    Hello guys,

    I've been running an old server that was installed as a test system on a DELL Optiplex GX620 workstation (32 bit).

    During installation, I had to edit the file /usr/lib/vmware/installer/Core/TargetFilter.py to change the following line:

    "return interface.GetInterfaceType() == ScsiInterface.SCSI_IFACE_TYPE_IDE" as follows:

    "return interface.GetInterfaceType() == ScsiInterface.SCSI_IFACE_TYPE_ISCSI". With this it worked, and I have used it for 3 years now. However, right now, I was hoping to bring it up to date with the latest patches and updates, and I do not know if I have ESX or ESXi, what my last update was, or what I need next.

    I used this command to get the following result:

    # vmware -v
    VMware ESX Server 3i 3.5.0 build-207095

    ... I think the 3i says I have ESXi 3.5.0, but is build 207095 the same build as ESXi 3.5.0 patch 5?

    If this is not the case, how should I update? What is the KB # I should download?

    I can manage using vSphere Client 5.5 and I can't SSH using PuTTY.

    Note: When I run "# esxupdate --bundle=ESXe350-201302401-I-SG.zip update" from the folder where it resides in the datastore, nothing happens... just a new line scrolls.

    Also...

    # esxupdate query
    <?xml version="1.0"?>
    <request-response>
      <installed-packages>
        <package ID="ESX-207095">
          <name>firmware</name>
          <version>3.5.0</version>
          <rel>207095</rel>
        </package>
        <package ID="ESX-CLIENT-204907">
          <name>viclient</name>
          <version>2.5.0</version>
          <rel>204907</rel>
        </package>
        <package ID="ESX-TOOLS-207095">
          <name>tools</name>
          <version>3.5.0</version>
          <rel>207095</rel>
        </package>
      </installed-packages>
    </request-response>

    # /vmfs/volumes/525300ce-5ff6ad3d-e2ed-0014222aedb7/patches/ESXe350-201302401-O-SG

    ... is there any update for this system? I therefore believe that the patch software etc was not around when I was installing this server in 2010.

    Based on KB http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508 you run ESX 3.5 Update 5.

  • IPSec on VMWare ESX 5.1 communication problems

    Hello

    We have 2 computer systems.  One is running VMWare ESX 5.1 and the other is running Ubuntu 14.04.  We are having problems getting IPSec to work between the two systems.  We cannot find any documentation or known issues with IPsec on VMWare ESX 5.1, so we are reaching out to the community.

    Here's what we did:

    1. We configured the Ubuntu and VMWare systems to use IPv6; they can ping each other using IPv6.

    2. We configured IPSec on the Ubuntu operating system by following the instructions below:

    https://help.Ubuntu.com/community/IPSecHowTo

    3. We followed the instructions below to configure IPsec on VMWare.

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1021769

    Here's the problem:

    When 2 Ubuntu systems run IPsec, they are able to ping each other.  However, when we enable IPSec communication between VMWare and Ubuntu, the ping hangs.

    Here is the output of the esxcli configuration commands on VMWare:

    UBUNTU.IPv6.ADDRESS -> IPv6 address of Ubuntu

    VMWARE.IPv6.ADDRESS -> IPv6 address of VMWare

    Name      Source Address       Destination Address  State   SPI    Mode       Encryption Algorithm  Integrity Algorithm  Lifetime
    --------  -------------------  -------------------  ------  -----  ---------  --------------------  -------------------  --------
    GoToDPSA  UBUNTU.IPv6.ADDRESS  VMWARE.IPv6.ADDRESS  mature  0x256  transport  3des-cbc              hmac-sha2-256        infinite
    DPToGoSA  VMWARE.IPv6.ADDRESS  UBUNTU.IPv6.ADDRESS  mature  0x300  transport  3des-cbc              hmac-sha2-256        infinite

    Name      Source Address          Source Port  Destination Address     Destination Port  Protocol  Flow  Action  Mode       SA Name
    --------  ----------------------  -----------  ----------------------  ----------------  --------  ----  ------  ---------  --------
    DPToGoSP  VMWARE.IPv6.ADDRESS/64  0            UBUNTU.IPv6.ADDRESS/64  0                 any       out   ipsec   transport  DPToGoSA
    GoToDPSP  UBUNTU.IPv6.ADDRESS/64  0            VMWARE.IPv6.ADDRESS/64  0                 any       in    ipsec   transport  GoToDPSA

    Here's what we found:

    After debugging the problem (using tcpdump), we found that the VMWare system sends ESP packets, but never sends an AH packet (required for IPSec authentication).  Even when the encryption protocol is null, the VMWare system would always send ESP packets, but never once sent an AH packet.

    Here is the resulting trace: Ubuntu - ping -> VMWare:

    ...
    IP6 UBUNTU.IPv6.ADDRESS > VMWARE.IPv6.ADDRESS: AH(spi=0x00000256,seq=0x16): ICMP6, echo request, seq 1, length 64
    IP6 VMWARE.IPv6.ADDRESS > UBUNTU.IPv6.ADDRESS: ESP(spi=0x00000300,seq=0x1), length 160
    IP6 UBUNTU.IPv6.ADDRESS > VMWARE.IPv6.ADDRESS: AH(spi=0x00000256,seq=0x17): ICMP6, echo request, seq 2, length 64
    IP6 VMWARE.IPv6.ADDRESS > UBUNTU.IPv6.ADDRESS: ESP(spi=0x00000300,seq=0x2), length 160
    IP6 UBUNTU.IPv6.ADDRESS > VMWARE.IPv6.ADDRESS: AH(spi=0x00000256,seq=0x18): ICMP6, echo request, seq 3, length 64
    IP6 VMWARE.IPv6.ADDRESS > UBUNTU.IPv6.ADDRESS: ESP(spi=0x00000300,seq=0x3), length 160

    Summary:

    There seems to be a problem with IPSec in VMWare ESX 5.1 over IPv6.

    We noticed that the downloads section of the support site provides patches for VMWare ESX 4.x and earlier, but lacks patches for VMWare ESX 5.x.

    Are there known issues in this area or available patches to fix this problem?  Your kind suggestions would be greatly appreciated.  Thank you.

    Sorry for the late reply, but here is an analysis of what is happening and why you are experiencing a problem.

    The Encapsulating Security Payload (ESP) protocol of IPsec will encrypt the payload of a packet and can optionally authenticate the packets as well. You did not include the commands you used to set up the Security Association (SA) and Security Policy (SP), but the output in your post indicates that you want to both encrypt the payloads and authenticate the packets in transport mode between the hosts.

    I don't know why the Ubuntu IPsec HowTo examples use both the AH and ESP protocols to encrypt and authenticate the packets. In our view, it is best done in a single step with ESP, ESXi only offers the option of AH with IPsec. Of course, this requires configuring the ESXi server and your Ubuntu host (or any other operating system) with a compatible IPsec configuration.

    To illustrate, suppose the ESXi server has the address 2001:db8:1 and the Ubuntu host has the address 2001:db8:2. We will use 3des-cbc for encryption of the payload and hmac-sha2-256 for integrity authentication in transport mode - just like in your post.

    On the ESXi host, the commands to do this might look like this (of course, you need to generate your own keys and not re-use the ones I did).

    # Add the ESXi outbound security association
    esxcli network ip ipsec sa add \
        --sa-source=2001:db8:1 \
        --sa-destination=2001:db8:2 \
        --sa-mode=transport \
        --sa-spi=0x200 \
        --encryption-algorithm=3des-cbc \
        --encryption-key=0x6dd50fa97e919365d393fd0d404c655f80651316e9418682 \
        --integrity-algorithm=hmac-sha2-256 \
        --integrity-key=0x730047c680d9812535a741bbb3521a29322cca77464cf16092519c4165ca6958 \
        --sa-name=sa_1to2

    # Add the ESXi inbound security association
    esxcli network ip ipsec sa add \
        --sa-source=2001:db8:2 \
        --sa-destination=2001:db8:1 \
        --sa-mode=transport \
        --sa-spi=0x300 \
        --encryption-algorithm=3des-cbc \
        --encryption-key=0x50988e55ca6a0d0440cf0c29f80d308df884616ec4b55552 \
        --integrity-algorithm=hmac-sha2-256 \
        --integrity-key=0xf76caa5b4985a8a9d1c7cedbcf43f21b83401818e3b8d5e526a8c99ff4d4baa7 \
        --sa-name=sa_2to1

    # Add the ESXi outbound security policy
    esxcli network ip ipsec sp add \
        --sp-source=2001:db8:1/64 \
        --source-port=0 \
        --sp-destination=2001:db8:2/64 \
        --destination-port=0 \
        --upper-layer-protocol=any \
        --action=ipsec \
        --flow-direction=out \
        --sp-mode=transport \
        --sa-name=sa_1to2 \
        --sp-name=sp_1to2

    # Add the ESXi inbound security policy
    esxcli network ip ipsec sp add \
        --sp-source=2001:db8:2/64 \
        --source-port=0 \
        --sp-destination=2001:db8:1/64 \
        --destination-port=0 \
        --upper-layer-protocol=any \
        --action=ipsec \
        --flow-direction=in \
        --sp-mode=transport \
        --sa-name=sa_2to1 \
        --sp-name=sp_2to1

    # List the ESXi security associations
    esxcli network ip ipsec sa list

    Name     Source Address  Destination Address  State   SPI    Mode       Encryption Algorithm  Integrity Algorithm  Lifetime
    -------  --------------  -------------------  ------  -----  ---------  --------------------  -------------------  --------
    sa_2to1  2001:db8:2      2001:db8:1           mature  0x300  transport  3des-cbc              hmac-sha2-256        infinite
    sa_1to2  2001:db8:1      2001:db8:2           mature  0x200  transport  3des-cbc              hmac-sha2-256        infinite

    # List the ESXi security policies
    esxcli network ip ipsec sp list

    Name     Source Address  Source Port  Destination Address  Destination Port  Protocol  Flow  Action  Mode       SA Name
    -------  --------------  -----------  -------------------  ----------------  --------  ----  ------  ---------  -------
    sp_1to2  2001:db8:1/64   0            2001:db8:2/64        0                 any       out   ipsec   transport  sa_1to2
    sp_2to1  2001:db8:2/64   0            2001:db8:1/64        0                 any       in    ipsec   transport  sa_2to1

    On your Ubuntu host, you need a compatible IPsec configuration. In general, on Linux systems that use the BSD-derived setkey command, this is done by changing the system-wide configuration file /etc/ipsec-tools.conf.

    #!/usr/sbin/setkey -f
    flush;
    spdflush;
    #
    # ESP SAs using 192 bit long keys (168 + 24 parity)
    # generated using: dd if=/dev/random count=24 bs=1 | xxd -ps
    # ESXi supports 3des-cbc, aes128-cbc, or null
    #
    # AH SAs using 256 bit long keys
    # generated using: dd if=/dev/random count=32 bs=1 | xxd -ps
    # ESXi supports hmac-sha1 or hmac-sha2-256
    #
    add 2001:db8:1 2001:db8:2 esp 0x200
        -E 3des-cbc 0x6dd50fa97e919365d393fd0d404c655f80651316e9418682
        -A hmac-sha256 0x730047c680d9812535a741bbb3521a29322cca77464cf16092519c4165ca6958;
    add 2001:db8:2 2001:db8:1 esp 0x300
        -E 3des-cbc 0x50988e55ca6a0d0440cf0c29f80d308df884616ec4b55552
        -A hmac-sha256 0xf76caa5b4985a8a9d1c7cedbcf43f21b83401818e3b8d5e526a8c99ff4d4baa7;
    # Security policies
    spdadd 2001:db8:1 2001:db8:2 any -P in ipsec
        esp/transport//require;
    spdadd 2001:db8:2 2001:db8:1 any -P out ipsec
        esp/transport//require;

    I have no problem encrypting and authenticating IPv6 traffic between an ESXi 5.1 server and an Ubuntu 14.10 host using this configuration.
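The two things that have to line up in this thread can be checked mechanically: both directions must use the same IPsec protocol (the question's trace shows AH one way and ESP the other), and each setkey `add` line needs a key of the size the answer states for its algorithm. The script below is an added example, not code from either poster; the function names are hypothetical, and the addresses, keys and trace lines are constructed for the example.

```python
import re
from collections import defaultdict

# Key sizes in bytes, using the setkey spellings that appear in the thread.
# 3des-cbc (192 bit) and hmac-sha256 (256 bit) are the sizes the answer states.
ENC_KEY_BYTES = {"3des-cbc": 24}
AUTH_KEY_BYTES = {"hmac-sha1": 20, "hmac-sha256": 32}

ADD_RE = re.compile(
    r"^\s*add\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>esp|ah)\s+"
    r"(?P<spi>0x[0-9a-fA-F]+)(?P<opts>[^;]*);", re.M)
OPT_RE = re.compile(r"-(?P<flag>[EA])\s+(?P<alg>\S+)(?:\s+0x(?P<key>[0-9a-fA-F]+))?")
PKT_RE = re.compile(r"IP6\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<proto>AH|ESP)\(spi=")


def parse_setkey(text):
    """Return one dict per setkey 'add' statement (comment lines are ignored)."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    sas = []
    for m in ADD_RE.finditer(body):
        sa = {"src": m["src"], "dst": m["dst"], "proto": m["proto"],
              "spi": int(m["spi"], 16), "enc": None, "auth": None}
        for o in OPT_RE.finditer(m["opts"]):
            slot = "enc" if o["flag"] == "E" else "auth"
            sa[slot] = (o["alg"], len(o["key"] or ""))  # (algorithm, hex digits)
        sas.append(sa)
    return sas


def check_sas(sas):
    """Flag SAs that are not ESP with encryption plus authentication, wrong key sizes,
    and directions that have no matching reverse SA."""
    findings = []
    for sa in sas:
        tag = f"{sa['src']}->{sa['dst']} spi={sa['spi']:#x}"
        if sa["proto"] != "esp":
            findings.append(f"{tag}: protocol {sa['proto']}, expected esp with -E and -A")
            continue
        for slot, table in (("enc", ENC_KEY_BYTES), ("auth", AUTH_KEY_BYTES)):
            if sa[slot] is None:
                findings.append(f"{tag}: no {slot} algorithm given")
                continue
            alg, hexlen = sa[slot]
            want = table.get(alg)
            if want is None:
                findings.append(f"{tag}: {alg} is outside the checked set")
            elif hexlen != want * 2:
                findings.append(f"{tag}: {alg} key is {hexlen * 4} bits, expected {want * 8}")
    pairs = {(sa["src"], sa["dst"]) for sa in sas}
    for src, dst in sorted(pairs):
        if (dst, src) not in pairs:
            findings.append(f"{src}->{dst}: no SA for the reverse direction")
    return findings


def protocols_by_direction(trace):
    """Map (src, dst) to the set of IPsec protocols seen in tcpdump text output."""
    seen = defaultdict(set)
    for m in PKT_RE.finditer(trace):
        seen[(m["src"], m["dst"])].add(m["proto"])
    return dict(seen)


def check_trace(trace):
    """Report host pairs whose two directions use different IPsec protocols."""
    seen = protocols_by_direction(trace)
    findings = []
    for (src, dst), protos in sorted(seen.items()):
        back = seen.get((dst, src))
        if back and back != protos and src < dst:
            findings.append(f"{src}<->{dst}: {sorted(protos)} one way, {sorted(back)} the other")
    return findings


# Constructed sample input: dummy keys, documentation-prefix addresses.
K24, K16, K32 = "11" * 24, "11" * 16, "22" * 32
GOOD_CONF = f"""#!/usr/sbin/setkey -f
flush;
spdflush;
add 2001:db8::1 2001:db8::2 esp 0x200
    -E 3des-cbc 0x{K24}
    -A hmac-sha256 0x{K32};
add 2001:db8::2 2001:db8::1 esp 0x300
    -E 3des-cbc 0x{K24}
    -A hmac-sha256 0x{K32};
"""
BAD_CONF = f"""
add 2001:db8::2 2001:db8::1 ah 0x256 -A hmac-sha256 0x{K32};
add 2001:db8::1 2001:db8::2 esp 0x300 -E 3des-cbc 0x{K16} -A hmac-sha256 0x{K32};
"""
TRACE = """\
IP6 2001:db8::2 > 2001:db8::1: AH(spi=0x00000256,seq=0x16): ICMP6, echo request, seq 1, length 64
IP6 2001:db8::1 > 2001:db8::2: ESP(spi=0x00000300,seq=0x1), length 160
"""

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, check_sas(parse_setkey(conf)))
    print("trace", check_trace(TRACE))
```
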
