MikroTik

Hi guys,

I have an issue with x86 ROS on ESXi servers. I installed it in a VM and want to use the router for additional spam filtering and firewalling.

I added two interfaces to the VM and in winbox created a bridge and added those two interfaces to the bridge. I also assigned an IP address to the bridge itself. I then created a second internal vSwitch on the ESX host and connected the one interface of the router to that vSwitch and the second interface on the router to the default vSwitch that carries traffic out of the ESX host.

When I connect a VM to the internal vSwitch on the ESXi host I cannot ping it's interface but when I connect it to the external vSwitch I can ping it. I have used the two options from VMware the E1000 and Flexible VM NIC options. The one emulates a AMD server NIC and the other an Intel server NIC. None of the options seems to work.


What can the problem be?

Hi Guys,

I cannot believe that no one has experienced problems like these before.

If there is someone please help.


Rayno

Hi guys,

Mikrotik's official response is they don't and will not support ESX/ESXi interface cards.

However the only way I could get this to work after trying all possible configs in ESX/i was to route to another subnet in which case everything including the firewall rules works perfectly. So if your input subnet is 10.10.10.x use 10.10.11.x as the internal network for example.

Hope it helps!
RaynoP

Mikrotik's official response is they don't and will not support ESX/ESXi interface cards.

There is no need for "official" VMware support as long the Intel e1000 cards are supported by RouterOS.
Just use e1000 cards which are working verry well on ESX for years ...

isnt there something in vmware you have to enable to allow a port to become promiscuous and see all traffic on a bridge?

Mikrotik's official response is they don't and will not support ESX/ESXi interface cards.

There is no need for "official" VMware support as long the Intel e1000 cards are supported by RouterOS.
Just use e1000 cards which are working verry well on ESX for years ...

I have used every network card and config ESX has to offer. Nothing works or worked.

isnt there something in vmware you have to enable to allow a port to become promiscuous and see all traffic on a bridge?

Promiscous mode by default is disabled on a vSwitch. It can be enabled but in all my tests it has made no difference.

I have 4.1 and 5 hosts at work. I will double check maybe version 5 has improved the problem.

so....

has it ?

works well for me on M v4 and Esxi 4 U1

You have to enable Promiscuous mode on each (!) vSwitch that you would like to connect using Mikrotik bridge

I also have X86 working well on ESXi 4.1U2 and 5.0U1. Yes you do have to enable promiscuous mode as you would no matter what the virtualized network appliance would be... MikroTik, Vyatta, pfSense, Untangle, etc

This does work, but I discovered a problem with it...the same problem that this gentleman using Vyatta discovered: ESXi will echo back broadcast ethernet frames (FF:FF:FF:FF:FF:FF) to the same vSwitch port it heard the broadcast frame from. This not only causes network loops, but it confuses the heck out of bridges, since it will first learn a MAC on one interface/port, and then see that same MAC show up on another.

http://www.vyatta.org/forum/viewtopic.php?t=7545

I have yet to find a workaround to this.

-- Nathan

Revisiting this old topic because the need to do this has come up again...

I discovered that the problem I was having with broadcast traffic getting looped back through the vSwitch only occurred if I had more than 1 pNIC attached to a vSwitch, even if the second pNIC was configured to only be used for failover/standby purposes. Kind of a bummer since I don't want to give up the redundancy just to be able to bridge, but I also need to bridge...

Found this discussion thread where the same thing is being echoed: https://communities.vmware.com/message/1507261

I am considering trying to run Open vSwitch inside of a guest and having it sit between the vSwitch with the two pNICs and all of the guests on this box. Has anybody else played with Open vSwitch in conjunction with ESXi? Is there a good ready-made OVF/appliance somewhere?

(MikroTik feature request: replace the Linux bridging code in RouterOS with Open vSwitch )

-- Nathan