Connecting VMs privately across hosts can be a tricky exercise. However, with the combined power of VMware ESXi 6.5 and vRack, OVHcloud customers can network their ESXi VMs easily, regardless of their location. In this article, we will teach you how to connect your VMs together using VLAN tagging from ESXi and vRack from OVHcloud.
Prerequisites
- At least two OVHcloud Dedicated Servers on a vRack running VMware ESXi 6.5
- Setting up vRack Using the OVHcloud Manager
Topics
- Adding a vSwitch to an ESXi Host
- Creating a New Port Group on the vSwitch
- Creating a Private NIC on a VM on the New Port Group
- Setting Up Networking in Ubuntu 18.04
- Setting Up Networking in Windows Server 2016
Adding a vSwitch to an ESXi Host
Note: All steps taken in a single ESXi host will have to be mirrored in each additional host if you wish for VMs on different hosts to communicate with each other.
To connect our VMs over vRack, we will be leveraging some of ESXi's networking options. The first thing we are going to do to each host is add a vSwitch to be used by the second physical NIC in each server. This is because all OVHcloud Dedicated Servers (with the exception of Game Servers) have two physical NICs - one for public networking and one for vRack. By default, ESXi will only configure a vSwitch for the public NIC.
To create a new vSwitch, click Networking in the "Navigator" panel on the left-hand side of the ESXi interface. Next, click the Virtual switches tab at the top of the "Networking" page.
From this page, click the Add standard virtual switch button and you will see the following pop-up.
You can name the switch anything you like, but you will only be able to choose vmnic1 for Uplink 1 because it is the only physical NIC not already attached to a vSwitch. Click the Add button when you have confirmed that all of the settings are correct. This will create your new vSwitch. In the next section, we will create a new port group and attach it to our newly-created vSwitch.
Creating a New Port Group on the vSwitch
Now that we have created a vSwitch for the physical NIC, we need to create a port group to route the traffic through the ESXi host. To create a new port group, click Networking in the "Navigator" panel on the left-hand side of the ESXi interface. Next, click the Port groups tab at the top of the "Networking" page.
Click the Add port group button and you will see the following pop-up.
Give your port group a name, a VLAN ID, and put it on the vSwitch we created in the first section of this guide.
Note: By default, the VLAN ID will read "0" which is for untagged traffic. We recommend using VLAN tagging for an added layer of security, select any number between 2 and 4,000 for this number. Then use the same number for every other VM you wish to network together.
Once you have confirmed that the settings you have selected are correct, click the Add button to create your new port group.
Creating a Private NIC on a VM on the New Port Group
Note: In this example, we assume that we are changing settings on a preexisting VM. However, these same settings can be changed during the creation of a VM in ESXi.
The next thing we need to do is create virtual NICs to be used for vRack on each VM we wish to connect. To do so, click the Virtual Machines tab on the left-hand sidebar.
Then click the VM in question.
Note: To make the following changes to your VM, the VM must be powered off.
Click the Edit button to access your VM's settings.
To route our VLAN tagged traffic, we will need to add another NIC to the VM. To do so, click the Add network adapter button and a second NIC will appear. Make sure the new network adapter is put onto the port group you created earlier in this tutorial.
You are now done with the network configuration you need in ESXi. For examples of how to set up networking on VMs running Ubuntu 18.04 or Windows Server 2016, read on to the next two sections. If you are running a different operating system, the setup required will vary.
Setting Up Networking in Ubuntu 18.04
The final step to configuring networking for VLAN-tagged traffic is to assign the NIC a private IP address to use for routing traffic. To do so, first access your server via SSH or the built-in ESXi console. Then, enter the following command to find the name of your second interface.
$ ip add
Note: By default, ESXi will assign the name ens192 to the second NIC if you are using the VMXNET3 adapter. If you are not using the default adapter, it will be the second interface in the list.
We will configure a NIC that is not already configured for public networking (one without an IP address already assigned to it). To do so, we will need to open the Netplan configuration file using the following command:
$ sudo vi /etc/netplan/01-netcfg.yaml
Once in the file, edit it to appear as follows. If you have already configured the public NIC, create the entry for the private NIC, directly below the public one. Do not delete the public NIC from the file.
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
ens192:
dhcp4: no
addresses: [192.168.0.1/24]
Note: You can use any private IP address you choose that isn't already utilized by another VM on the vRack. The CIDR notation will determine the subnet on which the different IP addresses can communicate with one another. All IPs on a VLAN must exist on the same subnet.
Save and exit the file and then apply the changes using the following command:
$ sudo netplan apply
This will apply the changes made to the Netplan configuration file. This completes the networking needed for an Ubuntu 18.04 VM to send VLAN-tagged traffic. Next, we will take a look at how to perform the same steps in Windows Server 2016.
Setting Up Networking in Windows Server 2016
Note: In order for Windows to transmit any traffic to other devices, you will need to ensure that it is discoverable by other devices. When configuring the network, make sure that it is labeled "Public" so that other computers on the same network can discover it.
If you are running Windows Server 2016, you will need to configure the Ethernet1 interface with a private IP address to route VLAN-tagged traffic. To do so, log in to your Windows VM and then enter the Server Manager. Click Local Server on the left-hand sidebar and then click the IPv4 address assigned by DHCP, IPv6 enabled button next to Ethernet1.
Now right-click the Ethernet1 adapter and select Properties from the drop-down menu.
Double-click the Internet Protocol Version 4 (TCP/IPv4) button.
Click the bullet next to "Use the following IP address" and enter a private IP address and subnet mask. Click OK when you are done.
Note: Remember that all private IP addresses communicating over a VLAN need to be on the same subnet. Define your subnet mask according to your needs.
Conclusion
Combining VMware's VLAN technology and OVHcloud's vRack can greatly improve your data security. In this tutorial, you have learned how to configure ESXi vSwitches, port groups, and NICs as well as how to configure the NICs in individual VMs. We highly recommend that you take advantage of this great technology to optimize your network's performance and security.