Interesting issue regarding VGT & VST VMware vmxnet3 configs with VLANS
-
Hey everyone,
I am just wondering if anyone else ran into this issue while configuring PFsense 2.4.4 on VMware (I am using 6.5) and VLANs.
At a high level, I am using Intel PRO/1000VT quad cards in a small server running into a Juniper EX2200 switch setup for trunking on dual links (non-LACP, works correctly with Route based on IP hash).
So here is what I ran into..
I did two tests with PFsense and the vmxnet3 paravirtualized nic card, first being with VMwares VGT (virtual guest tagging) and second being with VST (virtual switch tagging). I can tell you at this point that the E1000 nic in VMware works correctly in both scenarios.
When I install PFsense 2.4.4 using a vmxnet3 nic card in VST mode (let's assume 4 Vlans for this discussion, one port group per vlan) and align the vmx# adapters in PFsense correctly to the Vlans, everything works correctly. I can ping another VM on the same vSwitch in another port group as well as ping clients out on the physical switch and in both directions. I get to the web interface and con configure with no issue. I am able to assign an IP to each interface, etc etc.. It works.
Now, when I install PFsense with vmxnet3 in VGT mode (one port group tagged with 4095) and when PFsense comes up, create Vlans and assign them to the correct vmx#'s parent interfaces as follows:
(example)
vmx0 - WAN
vmx1 - LAN 10.0.100.1/24 (un-used)
vmx1.100 - MGT 172.10.XXX.X/24
vmx1.10 - MNET 172.10.XXX.X/24
vmx1.11 - AP 172.10.XXX.X/24
vmx1.12 - etc, etc..Let's assume that the IP address on vmx1.100 being the mgmt network is how I access the web mgmt console. When I get this configured, from PFsense I can ping all the hosts, both VMs on same vSwitch and hosts on physical switch without issue using the MGT 172.10.XXX.X IP range assigned to that vlan. The problem arises when I try to ping PFsense from the same hosts, it can not be reached by any host. I am not able to ping back PFsense from either VMs or phyiscal hosts nor access the web management console.
So even though I am up and running in a VST config on VMware, I can not figure out why a VGT config will not work properly as it should. Physical nics are approved to work with PFsense, so that is not an issue. No physical switch config issue as it works perfectly in VST mode.
And again, ill add if I use E1000 cards, no issue with either VM mode.
Any ideas?
Thanks
- Steve
-
System / Advanced / Networking
have you disabled harware checksum ?
is Open-VM-Tools package installed on your pfsense?right now we only know that it's not working so let's start from the basic steps
i'm on esxi 6.7u3 and i have more or less the same configuration but i don't have this problem
i'm using vmxnet3, all my vswitch are tagged with 4095 and they fisically go to a cisco switch
if it's not something specific to 6.5..
