Internet/Cloud access from inside of Eve lab running on ESXi

[andyl]

Hi,

I'm not sure what is going on here but I'm having a bit of a problem getting external access from inside a lab. Now I know I'm not an expert but I have tried watching all the video and read the board looking for someone with the same problem but I have not been able to resolve this.

I started out with a pretty normal install from the ova file and added a bunch of images. Everything seemed to be working ok but then I tried adding a network (cloud 0) and I was not able to connect outside of the lab. I tried everything I could think of. With the exception of the EVE management IP (192.168.1.55), I cannot ping outside of the lab environment like 8.8.8.8 or 192.168.1.1 (default gateway) or 192.168.1.5 (server).

What I did to connect to the outside is just adding a network (cloud1) and attaching it to a router. I then assign a static IP to the router and trying to ping out like to 8.8.8.8. It fails. I tried staring and stopping the lab. Creating a new lab but I'm unable to get anything inside a lab to talk with another device outside of the lab - once again with the exception of the EVE managment IP.

To double check things I install another instance of EVE (new download). I let EVE get a DHCP address (192.168.1.65) on the install. I then added a network (cloud1) and a vPC. I put a static IP on the vPC (192.168.1.45/24) and I cannot ping the default gateway 192.168.1.1 or another system on the network that does respond 192.168.1.5.

I'm not sure what I'm doing wrong, if it's inside of EVE or inside of ESXi but I could use any help you have.

Thanks,

Andy

[ramindia]

Hi

1. Make sure your VM in Esxi also in same VLAN as your EVE-NG
2. EVE-NG uses Pnet0 to connect to internet.
3. Add cloud Pnet0 and connect to VM, it should work fine.

Show us your topo, so i can suggest better.

R!

[andyl]

I only have one network using 192.168.1.0/24 with a default gateway is on 192.168.1.1.

According to the EVE system this is my pnet0:

Code: Select all

pnet0     Link encap:Ethernet  HWaddr 00:50:56:87:3e:b2  
          inet addr:192.168.1.65  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe87:3eb2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42523 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24631 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:52923221 (52.9 MB)  TX bytes:5947946 (5.9 MB)

And this is my routing table:

Code: Select all

root@eve-ng:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 pnet0
192.168.1.0     *               255.255.255.0   U     0      0        0 pnet0
root@eve-ng:~#

From the shell I"m able to ping the default gateway:

Code: Select all

root@eve-ng:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.743 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.839 ms
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.743/0.791/0.839/0.048 ms
root@eve-ng:~#

I also have the following interface but I think they are normal

pnet[1 to 9] - no IP address but they do have IPv6 local addresses
eth0 with no IP address.
L0 - IP address 127.0.0.1/8
vunl0_1_0 - no ip address but does have IPv6 local address

Here is the vPC inside my test lab currently, eve is running on 192.168.1.65

Code: Select all

VPCS> show ip

NAME        : VPCS[1]
IP/MASK     : 192.168.1.45/24
GATEWAY     : 192.168.1.1
DNS         :
MAC         : 00:50:79:66:68:01
LPORT       : 20000
RHOST:PORT  : 127.0.0.1:30000
MTU         : 1500

VPCS> ping 192.168.1.1

host (192.168.1.1) not reachable

VPCS> VPCS> show ip
Bad command: "VPCS> show ip". Use ? for help.

VPCS> ping 192.168.1.65

84 bytes from 192.168.1.65 icmp_seq=1 ttl=64 time=0.141 ms
84 bytes from 192.168.1.65 icmp_seq=2 ttl=64 time=0.220 ms
84 bytes from 192.168.1.65 icmp_seq=3 ttl=64 time=0.221 ms
84 bytes from 192.168.1.65 icmp_seq=4 ttl=64 time=0.249 ms
84 bytes from 192.168.1.65 icmp_seq=5 ttl=64 time=0.187 ms

VPCS>

As you can see I can ping the EVE pnet0 IP but not the default gateway outside the VM.

I'm at a loss as to why a device inside the lab connected to the network on cloud0 is not able to get outside of the lab.

Since I can ping the management IP address of EVE I'm thinking the traffic has to be leaving the EVE application into the UNIX OS. I'm just wondering if the UNIX OS is forwarding the traffic to the ESXi system.

I also tested with a VM windows system inside the same ESXi system and no issue pinging the default gateway or getting to the Internet. Also can access the EVE web without issue from anywhere inside the 192.168.1.0/24 range.

This is just driving me a bit crazy.

Andy

[ecze]

Did you setup correctly the vSwitch into Esxi ?

The vswitch must be configured to be in promiscious mode.

E.

[andyl]

ecze,

Thanks for the help.

I'm going to have to go back and look over the videos and guides to find out where it says the vswitch needs to be in promiscuous mode.

It did not work right away so I rebooted everything and now it's happy. It was driving me a bit crazy, I must have spent 4-5 hours trying to get this to work.

andy

[andyl]

well I went back to an old video for UNL

https://www.youtube.com/watch?v=BTlU0qgB-fs

I found it at 5:40 into the video. Its a good watch for anything needing additional network interface.

On another thought you ever wonder why there is always sirnes going off in the background. I'm thinking that UD does live in a safe area......

Once again thanks for the help and pointing me in the right direction.

Andy

[dawn3000]

I came across the same issue, but on the virtual distributed switch.

I have already enabled the promiscuous mode on the port group which eve-ng connects to, the vIOS devices can ping eve-ng and ESXi host, but cannot ping the gateway sitting on the physical switch.

Do I need to enable the promiscuous mode on the vDS uplink port group? I haven't enabled it as the option is grey out and can't be changed.

Any idea? Thanks!

[Uldis (UD)]

not sure about vDS but vSwitch obviously works ok. of course with promiscue mode

[akopylov]

Tested EVE-NG_on_ESXi interaction with real world. The best way is to set Forged Transmits to Accept in addition to the Promiscuous mode for the port group to which EVE`s nic will be connected. I always do the same for port groups to which my nested ESXis are connected (the same situation actually, EVE is hypervisor too). Also its preferably to shutdown EVE vm before adding new nic (shutdown vm -> add new nic -> put it to the correct port group -> power on vm). Works fine for me.

Also there is no difference between standard vSwitch and dvSwitch (I got DVS) in case of Security settings (forged transmits and promiscuous mode). There is no need to do something with uplink port group (dvSwitch-DVUplinks-[random_number]), do not touch it.

[darko]

Something in our virtual platform is blocking the return packets from the L3 switch where EVE's SVI is configured. The port group has been configured as indicated in previous posts.

The devices configured within EVE CANNOT learn other MACs that are part of the same subnet/broadcast domain.

The switch where the SVI is configured can see and learns all these MACs without a problem - please see all the attached screenshots.

We use distributed vswiches and

Hypervisor: VMware ESXi, 6.7.0, 11675023