After finally getting around to clearing space in the garage and getting an old Dell PowerEdge 2650 I’d acquired up and running with VMware ESXi I started [...]]]> [Note: I've started another series of posts using Vyatta in VMware for a more complex environment that starts with this one- crt (2/20/2010)]

After finally getting around to clearing space in the garage and getting an old Dell PowerEdge 2650 I’d acquired up and running with VMware ESXi I started to think about what I’d need to do to set up a few tests/scenarios I wanted to play with. One of these includes the use of Read Only Domain Controllers in Windows Server 2008. Setting up a virtualized Domain Controller (DC) in VMware is easy enough, the trick was trying to figure out how to simulate multiple IP subnets given that I only have one ESX box at the moment.

At work I can do the whole assigning port groups and VLANs thing and let our physical routers do the routing. For my home lab what I needed was some sort of virtual router that didn’t require 1) a bunch of work to configure, 2) lots of resources on my small host. That’s where Vyatta comes in. In addition to their networking appliances they also provide a “Community Edition” of their software as either a Virtual Appliance (for VMware server it appears) or as a Live CD.

I’ve chosen to use the Live CD for my particular lab scenario because it’s much smaller and since it’s based on an ISO image I can have multiple installations/configurations for just the cost of a virtual floppy image for each instance.

Ultimately my goal is to get to a configuration resembling the following diagram all on one physical server:

In this post I’ll describe setting up Vyatta using the LiveCD image and validating that routing is happening.

The first thing I had to do was create a second virtual switch (vSwitch1) on my ESX box for the second subnet. One could just as easily create port groups and use VLANs on the first switch but I wanted to keep it really simple for now plus I think that conceptually this fits the model a little better.

Creating the second virtual switch

The second virtual switch can be created by navigating to the server node in the Virtual infrastructure client. Then going to the Configuration tab. Select the Add Networking option. Choose the “Virtual machine” connection type. Click next. Choose “create a virtual switch” and uncheck the NIC (if applicable). Click next. Specify a network label. (in my case this is the virtual “remote site”). Click “Next” click Finish

Creating the Vyatta VM.

I started by downloading the Vyatta Live-CD image from http://www.vyatta.com/download/swdl.php. Once I had a local copy of the ISO, I uploaded it to the ESXi box.

Actually creating the VM four our purposes consists of two parts: the initial creation, and then the creation of the floppy image to store the configuration. Because I prefer to keep the floppy image with the VM’s config files I have to perform that portion of the configuration after the VM (and it’s associated folder) is created.   Using your good friend the VMware Infrastructure Client here’s the first set of steps to follow, (they’ll probably be fairly familiar with the slight change that we’re not going to add a hard disk).

Steps for Initial creation

1. File -> New Virtual Machine
2. Custom Virtual Machine Configuration (Next)
3. Specify the Virtual Machine’s Name (Next)
4. Select the Datastore where you want to store the VM (Next)
5. Choose Linux for the guest Operating System and RHEL5-32bit as the version. (Next)
6. Select the number of virtual CPUs, I chose 1. (Next)
7. Specify the amount of memory 128 MB RAM
8. Specify the number of NICs. For my scenario I chose 2 and assigned one to each virtual switch (Next)
9. Pick a Scsi adapter type the choice here doesn’t really matter since we won’t be adding a hard drive to this VM.(Next)
10. Choose “Do Not create a disk”. (Next)
11. Finish

Now that the VM has been created we want to right click on it in the VIClient and choose “Edit Settings”

In the Virtual Machine Properties window go to the Hardware tab.

Select the Floppy Drive.

1. 1. Choose “Create new floppy image in datastore” as the Device Type
   2. Click “Browse” and navigate to the directory in the datastore where you want to keep the floppy image.
   3. Specify the name of the floppy image. (ex: vyatta-config) and click “OK.”
   4. Ensure that the checkbox next to “Connect at power on” is checked,
   5. Click Ok.

Select the CD/DVD Drive

1. 1. Choose Datastore ISO file as the Device Type.
   2. Click Browse and navigate to where the ISO image is stored.
   3. Set to connect at power on and click OK

You’re now ready to poweron the vm and begin the process of configuring it. Power it on via the VI client and connect to the console.  You can log in as ‘vyatta’ with the password ‘vyatta’. The first thing you should do is make sure your VM sees both of the assigned NICs. This can be done by typing:  /sbin/ifconfig | grep -i ethernet. You should see two lines of output; one starting with ‘eth0′ the other with ‘eth1′.

 

vyatta@vyatta:/$ /sbin/ifconfig | grep -i ethernet

eth0      Link encap:Ethernet  HWaddr 00:0c:29:be:8e:2d

eth1      Link encap:Ethernet  HWaddr 00:0c:29:be:8e:37

vyatta@vyatta:/$

To configure the router to match our diagram above we’re going to assign eth0 the IP address 192.168.1.10 and use a subnet mask of 255.255.255.0 (/24). The second NIC will be assigned the IP address 192.168.2.10.  To do this we’ll enter the four following commands.

configure

Set interfaces ethernet eth0 address 192.168.1.10/24

Set interfaces ethernet eth1 address 192.168.2.10/24

commit

exit

The first ‘configure’ puts Vyatta into configuration mode where we can enter actual configuration commands. You might notice that the prompt changes from vyatta@vyatta:~$ to vyatta@vyatta#. The second command assigns an IP address to the interface eth0, while the third does the same for eth1. The fourth command “commit” actually commits the changes so that they’re in use in the running config. The last command exits the configuration mode and you’ll notice that the prompt has changed back as well

 yatta@vyatta:~$ configure
[edit]
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.10/24
[edit]
vyatta@vyatta# set interfaces ethernet eth1 address 192.168.2.10/24
[edit]
vyatta@vyatta# commit
[edit]
vyatta@vyatta# exit
exit
vyatta@vyatta:~$

To validate that this is now the running configuration you can type: show configuration

Now to ensure that this configuration sticks with the VM between reboots we need to initialize the attached floppy by entering ‘init-floppy’ This will cause the VM to (re)format the floppy and write the configuration to the floppy.

vyatta@vyatta:/$ init-floppy

This will erase all data on floppy /dev/fd0.

Your configuration was saved in: /media/floppy/config/config.boot

vyatta@vyatta:/$

To validate that the configuration has been properly saved to the floppy and will be automatically available and in use upon reboot you can reboot the VM by typing “reboot” and waiting for the VM to reboot. Upon logging back in you can again run the ’show configuration’ command to see if the config has been kept through the reboot.

How do I know routing is working?

Now that the router has been set up with an interface on each of your virtual switches/subnets you need to verify that it will actually route packets between the two subnets. One way to do this is to create two VMs, one on each virtual switch configured to use the appropriate router interface as its default router.  That can be a bunch of work just to test the routing depending on what kind of guest you use. Another option which I used to do my intital testing was to create two more VMs using the Vyatta LiveCD.  Simply by entering a few commands I can quickly have a configured VM on each subnet that I can use to ping back and forth with.  For the VM on the 192.168.1 subnet I could enter the following commands to configure the new VM.

configure
set interfaces eth0 address 192.168.1.11/24
set system gateway-address 192.168.1.1
commit
exit

Enabling SSH

I also like to enable ssh access for the vyatta router so I can use Putty from my Windows box to administer the VM and not have to use the VI Client console. That can be done by entering:

configure
set service ssh
commit
exit

Saving your configuration

Again to ensure that this is kept in the config through reboots you need to execute the ‘init-floppy’ command.