Thursday, May 27, 2010

ESX NAT (Or How do the VMs get Internet Access)

SkyHi @ Thursday, May 27, 2010

ESX NAT (Or How do the VMs get Internet Access) posted: May 5, 2008 7:04 PM

mikhaill (Novice, 11 posts since Feb 6, 2008)

In the next few days I will be setting up an ESX server with numerous VMs all of which need internet access (nothing major, just pull down some web pages). Until now I've been using Workstation which took care of the whole NAT issue for the VMs. Now, I can be totally missing something but I'm reading the ESX config file and I can't seem to figure out how to provide outside internet access to the VMs. I see the following line in the docs: "A vSwitch can route traffic internally between virtual machines and link to external networks." So that means that I create a vSwitch and link all the VMs to it, but if it acts as a switch in normal understanding, how will it know which VM to route return traffic back to? Does it in fact act as a router then?

I haven't been able to find much documentation in terms of figuring out how to get all the VMs on a host access to the internet via NAT or another method that doesn't require a separate outside IP per VM.

Can anyone clarify? Thank you in advance!


Gerrit.Lehr (Master, 827 posts since Nov 9, 2005)

For easier understanding, you should think of the ESX network in terms of a physical network. You can create vSwitches which act like physical switches. They can either be VM-only switches, which means only VMs on the ESX are connected and there is no uplink to the physical LAN. Or they can have an uplink to the physical network thru a physical ESX NIC. Think of this like the normal uplink from your physical switch to the rest of the backbone. Then you select the vSwitch to which the VM is going to be connected. It behaves completely like a physical connection to a physical switch.

Kind Regards,

Gerrit Lehr

If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".

weinstein5 (Guru, vExpert, 7,516 posts since Nov 19, 2005)

Gerrit is right on with his explanation - also this doc might help - http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_quickstart.pdf


3. May 5, 2008 10:32 PM in response to: mikhaill
klich (Enthusiast, 58 posts since Jul 25, 2005)

You'll need to implement a VM to handle the NAT routing for you.

Effectively, your NAT router VM will be connected to two vSwitches that you create (you'll configure the VM with 2 vNICs). Let's call them "Internet vSwitch" and "Local vSwitch". Your physical link to the network will be connected to the Internet vSwitch, and all of your virtual machines will connect to the Local vSwitch.

Physical Network <--> Internet vSwitch <--> NAT Router VM <--> Local vSwitch <--> Virtual Machines

There are several options out there for you to choose from for the NAT router VM.

1. Internet Connection Sharing Appliance http://www.vmware.com/appliances/directory/395 (pre-built VM, use Importer to add it to your ESX server, WS v6.x includes importer built-in, approx 4MB)
2. FreeSCO - http://www.freesco.org/ (build a new VM. load and configure. This has a very small footprint, designed to fit on a floppy, and is what they use in the VMware classes to demonstrate exactly what you want to do here)
3. Vyatta - http://www.vyatta.com/ (pre-built VM, largest footprint at approx 145MB, but very feature rich... probably overkill for just a NAT router, but good to know it's out there if you need to do some fancy routing)

Hope that will help you on your way.
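
The topology in the post above, worked through for a plain Linux guest used as the NAT router VM. This is an added example, not part of the original thread; the interface names `eth0`/`eth1`, the subnet and the script name are assumptions, and the appliances listed above have their own configuration interfaces. Connection tracking is what maps return traffic back to the right guest.

```sh
#!/bin/sh
# Added example (not from the thread): ruleset for a Linux NAT router VM.
# Assumed names: eth0 = vNIC on "Internet vSwitch", eth1 = vNIC on "Local vSwitch".

valid_iface() {   # accept only characters legal in an interface name
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

valid_cidr() {    # dotted quad, each octet <= 255, prefix 0-32
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    for o in $(echo "${1%/*}" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# nat_router_rules WAN_IF LAN_IF LAN_CIDR -> iptables-restore text on stdout
nat_router_rules() {
    wan=$1 lan=$2 net=$3
    valid_iface "$wan" && valid_iface "$lan" && valid_cidr "$net" || {
        echo "usage: nat_router_rules WAN_IF LAN_IF LAN_CIDR" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address of guest traffic leaving via the uplink side
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
# Guests may open connections outward; only replies are let back in
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the rules when called with three arguments, e.g.
#   sh nat-rules.sh eth0 eth1 192.168.10.0/24 | iptables-restore
# (the guest also needs: sysctl -w net.ipv4.ip_forward=1)
if [ $# -eq 3 ]; then nat_router_rules "$@"; fi
```

The default-drop `FORWARD` policy means nothing on the physical network can open a connection to a guest on the Local vSwitch unless a rule is added for it.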


4. May 5, 2008 11:15 PM in response to: klich
Gerrit.Lehr (Master, 827 posts since Nov 9, 2005)

I assume that he referred to the NAT network devices available in VMware Workstation and Server, where NAT on the host system can be used to connect a VM to the physical network, instead of really wanting to implement NAT via ESX to connect the VMs to the Internet. Using a normal vNIC connected to an uplinked vSwitch should be enough to get the VM to see the physical LAN and the Internet over the standard gateway.

Kind Regards,

Gerrit Lehr



6. May 7, 2008 12:42 AM in response to: mikhaill
Rumple (Master, 1,458 posts since Jan 6, 2005)

VMware didn't make this easier because it is an enterprise product geared at enterprise environments (or was), so typically people have hardware firewalls/appliances and routers in place.

Think of VMs as physical servers and ESX is just providing the switching capabilities, if that makes it easier to understand.

In this case you'd need some type of firewall to isolate the external network from the internal networks. The only 2 options are hardware and software and you'd build accordingly.

Without trying to offend you, I suspect it's just lack of overall experience with networking in general that's probably caused your confusion...

We've all been there, but luckily there are lots of people on these forums with some extraordinary experience to help us along our way :o)


7. Oct 27, 2008 2:19 AM in response to: klich
paragpdoke (Novice, 28 posts since Jul 13, 2007)

Hello Klich, Mikhaill & Rumple.

Rumple,
I'm new to VMware networking concepts and was looking for the same NAT configuration for VMs hosted on ESXi (installed using VMware-VMvisor-InstallerCD-3.5.0_Update_2-110271.i386.iso). Possibly because of lack of expertise / knowhow.

Klich,
I tried following your instructions and downloaded Internet Connection Sharing Appliance. I did not want much of configuration steps so going by your description, attempted with the 1st download (http://motsug.googlepages.com/vmware-nat-appliance-11.zip). After extracting the zip file, I tried:
1) Using VMware converter (VMware-converter-3.0.3-89816.exe) to import the appliance into my ESXi server. But it complained of being unable to recognize/identify the OS on the VM. When I read your reply closely, I thought maybe there was some other option to import.
2) Found the File -> Virtual Appliance -> Import option in the VI client (2.5.0 build 103682) and pointed it to the location where I extracted the zip file contents. It complained that a VMware configuration file cannot be imported.

Mikhaill,
Have you had success trying to get the VMs to access the internet using NAT-like networking? If yes, could you please share your experiences (for a newbie)?

If not, then I'm not sure how to proceed. Any pointers are welcome.
Thanks in advance,
Parag

paragpdoke (Novice, 28 posts since Jul 13, 2007)

I managed to get the FreeSCO VM router to work...but don't know what to do next. Please find 2 images (host configuration & guest configuration) attached with this reply. Still looking out for help...

Thanks in advance,
Parag