Both the T110 and the T20 run ESXi and the 10G cards I have are ESXi compliant with drivers for ESXi. When adding a network to a VM, I just use the last network card selection when adding a NIC to a VM. This VMXNET 3 selection gives that VM access to the 10G network. Using the built-in ESXi networking features, this also allows me to link that 10G network through a pfSense network. I've not done this yet, but it will allow me to remove the gigabit network and hook that into a separate switch, which I can de-power to keep the maintenance networks offline (being paranoid, I know).
I also use this machine (with its 7 gigabit NICS) as my pfSense machine. I was upgrading my pfSense machine as you mentioned. Tossed it into my T110 and have never had to add / change anything since. Have enough processors / RAM to run with FULL SNORT. I do not at this time, but I've tested it. At the time of testing, had too many VMs in one machine (not enough RAM). Now with the second server, should be AOK to use again.
For ESXi, if the cards are hypervisor compatible, they are just resources. I think it will be more clear after I draw up the pictorial.
Basically, my T20 has TWO NICS. The 10G and my 1G. My networking tab has TWO networks. Allocated on the vmnic0 (1G physical port) are LAN and Management. The vmnic1 is associated with the 10G. Once I tidy up the T110 side, vmnic0 will ONLY have Management. The vmnic1 will take everything else.
The T110 has 8 PHYSICAL NIC ports. 1 onboard, a 6 port Gigabit NIC, 10G SFP+ NIC. In the networking tab of vSphere (the management software for ESXi), I have 6 networks. Management, Cable Modem, DSL Modem, LAN (interface to the physical 24 port SWITCH in the house), iSCSI (direct connect to the ACER Easy Home that uses a Nas4Free install), 10G network for the new iSCSI network (not fully set up at this time).
Then, I just associate those NETWORKS with NICS that are installed INTO virtual machines. The only networks that are NOT shared are Cable Modem and DSL. They ONLY go to the pfSense machine and are ONLY associated with 1 NIC each. Giving me PHYSICAL separation for my internet install. I could have used VLAN, but being paranoid and having more NICS than I knew what to do with, just dedicated 1 port each.
So, essentially, you can create as many networks as you want, even if they do not have a physical port. However, as I demonstrated, I've got multiple networks attached to 1 vmnic0 on my T20 and all of that is just 1 physical port.
So, for you, just associate only 1 NETWORK with EACH NIC. Then only assign that 1 network with your primary OS. The rest can share. If you are using something like VirtualBox, well, that is why I moved away. The only way I could make that happen was with a USB ethernet card. However, until the VirtualMachine is up and running, that USB device is available to the Host OS. This is where a hypervisor really shines. No matter what, the virtual machines MUST go THROUGH the hypervisor's resources, they cannot load until the hypervisor is running. This forces all my resources to NOT mix in all cases at all times. Thus I feel safe with all my internets going DIRECTLY into my server. It never comes OUT to my LAN without passing through pfSense first.
HTH and made sense.
--Dan
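
The isolation rule described in the post above (Cable Modem and DSL Modem each on their own physical port, attached only to pfSense) can be checked mechanically against an inventory export. This is an added example, not part of the original post: the network names come from the post, while the vmnic assignments, the VM names other than pfSense, and the `audit` helper are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed inventory modelled on the T110 described above. Network names
# come from the post; vmnic numbers and VM names are assumptions.
UPLINKS = {
    "Management": "vmnic0", "Cable Modem": "vmnic1", "DSL Modem": "vmnic2",
    "LAN": "vmnic3", "iSCSI": "vmnic4", "10G": "vmnic7",
}
VM_NICS = {
    "pfSense": ["Cable Modem", "DSL Modem", "LAN"],
    "fileserver": ["LAN", "iSCSI"],
    "desktop": ["LAN", "10G"],
}
WAN = {"Cable Modem", "DSL Modem"}
FIREWALL = "pfSense"


def audit(uplinks, vm_nics, wan=WAN, firewall=FIREWALL):
    """Return a list of findings; an empty list means the layout holds."""
    findings = []
    by_uplink = defaultdict(set)
    for net, nic in uplinks.items():
        by_uplink[nic].add(net)
    for net in sorted(wan):
        if net not in uplinks:
            findings.append(f"{net}: no physical uplink defined")
            continue
        # Physical separation: the WAN network must own its vmnic outright.
        shared = by_uplink[uplinks[net]] - {net}
        if shared:
            findings.append(
                f"{net}: shares {uplinks[net]} with {', '.join(sorted(shared))}")
        # Only the firewall may hold a NIC on a WAN network, and exactly one.
        holders = [vm for vm, nets in sorted(vm_nics.items())
                   for n in nets if n == net]
        for vm in sorted(set(holders) - {firewall}):
            findings.append(f"{net}: attached to {vm}, bypassing {firewall}")
        if holders.count(firewall) != 1:
            findings.append(
                f"{net}: {firewall} has {holders.count(firewall)} NICs on it, expected 1")
    return findings


if __name__ == "__main__":
    for line in audit(UPLINKS, VM_NICS) or ["OK: WAN networks reach only pfSense"]:
        print(line)
```
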