Getting Started with VMware ESXi
25 min
## Preamble

### What Will We Accomplish

This guide provides a step-by-step tutorial for deploying the AsterNOS-VPP virtual gateway on a VMware ESXi environment. By following this guide, you will transform a standard x86 server into a high-performance virtual router capable of line-rate L2/L3 forwarding and NAT services.

Unlike standard virtual machine deployments, this guide leverages PCI passthrough technology to bypass the virtualization layer, unlocking the full performance potential of the hardware. The scenarios covered include:

- **PCI passthrough:** configuring the host to grant the VM direct access to physical network interfaces.
- **L2/L3 switching:** configuring VLANs and inter-VLAN routing to achieve wire-speed forwarding.
- **NAT gateway:** configuring SNAT to provide Internet access for internal subnets.

### Prerequisites

To successfully complete this task, readers should have:

- **Virtualization knowledge:** familiarity with VMware ESXi management (web client).
- **Networking fundamentals:** understanding of IP addressing, VLANs, and basic routing concepts.
- **Hardware requirements:** an x86 server with Intel VT-d enabled in BIOS and a supported network card (e.g., Intel I350).

## Preparation and Environmental Overview

### Topology Map

[Figure: topology map]

### Network Planning

Before configuring the software, we must define the physical and logical connections. The setup uses one management port (virtual) and three data ports (physical passthrough).

### Lab Components

| Device Type | Role in Topology | Role/Description |
| --- | --- | --- |
| VMware ESXi 7.0 | Host Machine | Physical host |
| AsterNOS-VPP VM | Virtual Gateway | 8 GB RAM, 4-core CPU |
| PC1 | Internal Client | LAN1 client, used for performance testing |
| PC2 | Internal Client | LAN2 client, used for performance testing |

### Target Configuration Plan

| Device / Interface | Physical Mapping | IP Address / Subnet | Notes / Connection Point |
| --- | --- | --- | --- |
| Ethernet1 | Host Machine | / | Management interface. Connected to ESXi vSwitch0. |
| Ethernet2 | vmnic1 (passthrough) | 192.168.200.166/24 | WAN interface. Connects to upstream gateway. |
| Ethernet3 | vmnic2 (passthrough) | N/A (L2 port) | Member of VLAN 100. Connects to PC 1. |
| Ethernet4 | vmnic3 (passthrough) | N/A (L2 port) | Member of VLAN 200. Connects to PC 2. |
| Interface VLAN 100 | (logical) | 10.1.1.1/24 | Gateway for LAN1 |
| Interface VLAN 200 | (logical) | 10.1.2.1/24 | Gateway for LAN2 |

### Required Tools & Files

- **Software download:** https://docs.asternos.com/api/files/8442c9f3-ff4d-42e0-9e2c-baff1a839a84
- **Conversion tool:** qemu-img (required for converting qcow2 to VMDK on a local PC before uploading).
- **Testing tools:** iperf3 (must be installed on both client PCs for throughput testing).

## Infrastructure Deployment

### Image Preparation

The AsterNOS image is typically distributed in qcow2 format. VMware ESXi requires the VMDK format.

1. **Convert the image.** Run the following command on your local machine (Windows/Linux) to convert the image:

   ```
   qemu-img convert -f qcow2 -O vmdk sonic-vpp.img asternos-vpp.vmdk
   ```

2. **Upload to ESXi.** Log in to your ESXi web client, navigate to Storage > Datastore browser, create a directory (e.g., asternos), and upload the `asternos-vpp.vmdk` file.

### Configure Host Hardware

To achieve line-rate performance, the VM must bypass the virtual switch and access the network cards directly.

1. Navigate to Manage > Hardware > PCI Devices.
2. Locate your network adapter.
3. Select the ports intended for data traffic. **Note:** do not select the port used for the ESXi management network.
4. Click Toggle passthrough.
5. Verify that the status changes to Active.
6. Reboot the ESXi host to apply the changes.

### Virtual Machine Creation

Create the VM with specific settings to support PCI passthrough and stability.

1. **Creation wizard:** select "Create a new virtual machine".
2. **Guest OS:** family Linux, version Debian GNU/Linux 11 (64-bit).
3. **Hardware customization:**
   - **CPU:** 4 vCPUs.
   - **Memory:** 8 GB. **Important:** expand the memory settings and check "Reserve all guest memory (All locked)". PCI passthrough devices will fail to start without this.
   - **Hard disk:** delete the default hard disk, select "Add existing hard disk", and browse to your uploaded `asternos-fixed.vmdk`.
   - **Controller:** ensure the disk is attached to an IDE controller.
   - **Network Adapter 1:** connect to VM Network (vSwitch0). This maps to Ethernet1 (management).
   - **PCI devices:** click Add other device > PCI device and add the passthrough ports. These map to Ethernet2, Ethernet3, etc.
4. **Finish:** complete the wizard and power on the VM.

## Network Configuration

In this phase, we will complete all global network configurations at once. To facilitate the initial Layer 2 performance test, we will initially assign both LAN ports (Ethernet3 and Ethernet4) to VLAN 100.

### Access VM

Log in to the console and enter the CLI configuration view.

- Login name: admin
- Password: asteros

```
admin@sonic:~$ sonic-cli
sonic# configure terminal
```

### Configure WAN & Default Route

Configure the upstream interface (Ethernet2) with a static IP and set the default gateway to ensure Internet connectivity.

```
# Configure WAN interface
sonic(config)# interface ethernet 2
sonic(config-if-ethernet2)# ip address 192.168.200.166/24
sonic(config-if-ethernet2)# nat zone 1
sonic(config-if-ethernet2)# no shutdown
sonic(config-if-ethernet2)# exit

# Configure default route
sonic(config)# ip route 0.0.0.0/0 192.168.200.1
```

### Configure VLANs & Gateways

Create the necessary VLANs and configure their IP addresses. These will serve as gateways for the internal PCs.

```
# Create VLANs
sonic(config)# vlan 100
sonic(config-vlan-100)# exit
sonic(config)# vlan 200
sonic(config-vlan-200)# exit

# Configure gateway for VLAN 100
sonic(config)# interface vlan 100
sonic(config-vlanif-vlan100)# ip address 10.1.1.1/24
sonic(config-vlanif-vlan100)# exit

# Configure gateway for VLAN 200
sonic(config)# interface vlan 200
sonic(config-vlanif-vlan200)# ip address 10.1.2.1/24
sonic(config-vlanif-vlan200)# exit
```

### Configure NAT

Set up the source NAT rules to map internal private IP addresses to the WAN public IP address.

```
sonic(config)# nat enable
sonic(config)# nat pool lan-pool 192.168.200.166
sonic(config)# nat binding lan-binding lan-pool
```

### Configure LAN Interfaces

For the first round of testing, we will assign both Ethernet3 (PC1) and Ethernet4 (PC2) to VLAN 100. This creates a Layer 2 loop-free path for line-rate verification.

```
# Configure Ethernet3
sonic(config)# interface ethernet 3
sonic(config-if-ethernet3)# no router-interface
sonic(config-if-ethernet3)# switchport access vlan 100
sonic(config-if-ethernet3)# no shutdown
sonic(config-if-ethernet3)# exit

# Configure Ethernet4 (initially in VLAN 100)
sonic(config)# interface ethernet 4
sonic(config-if-ethernet4)# no router-interface
sonic(config-if-ethernet4)# switchport access vlan 100
sonic(config-if-ethernet4)# no shutdown
sonic(config-if-ethernet4)# exit

# Save configuration
sonic(config)# exit
sonic# write
```

## Verification

### Phase 1. Layer 2 Switching Performance

Verify that the AsterNOS-VPP VM performs Layer 2 forwarding at line rate.

**PC setup**

- PC 1: IP 10.1.1.10, mask 255.255.255.0, gateway 10.1.1.1
- PC 2: IP 10.1.1.11, mask 255.255.255.0, gateway 10.1.1.1

**Run iperf3**

Server (PC 1):

```
iperf3 -s
```

Client (PC 2):

```
iperf3 -c 10.1.1.10 -u -b 1000M -t 10
```

**Expected result:** the bitrate should stabilize around 950 Mbits/sec.

### Phase 2. Reconfigure for Layer 3 & NAT

**AsterNOS configuration update**

Move Ethernet4 from VLAN 100 to VLAN 200.

```
sonic# configure terminal
sonic(config)# interface ethernet 4
sonic(config-if-ethernet4)# no switchport vlan 100
sonic(config-if-ethernet4)# switchport access vlan 200
sonic(config-if-ethernet4)# exit
sonic(config)# exit
sonic# write
```

**PC 2 network reconfiguration**

- IP address: change to 10.1.2.10
- Subnet mask: 255.255.255.0
- Default gateway: 10.1.2.1

### Layer 3 Routing & Internet Access Verification

**Layer 3 performance test (inter-VLAN)**

Verify the routing performance between VLAN 100 and VLAN 200.

Server (PC 1, 10.1.1.10):

```
iperf3 -s
```

Client (PC 2, 10.1.2.10):

```
iperf3 -c 10.1.1.10 -u -b 1000M -t 10
```

**Internet access test (NAT)**

Verify that PC 1 can access the Internet via the AsterNOS gateway.

- Command: `ping 8.8.8.8`
- Result: successful reply.

**Verify NAT table**

Check the NAT translation table on AsterNOS to confirm the session.

```
sonic# show nat translations
```

## Conclusion

This guide demonstrates that AsterNOS-VPP successfully combines the robust SONiC ecosystem with the high-performance VPP data plane. By leveraging virtual machines and PCI passthrough on standard x86 servers, users can easily build an enterprise-grade virtual gateway capable of line-rate Layer 2/3 forwarding and NAT. For network environments seeking high performance, flexibility, and cost efficiency, AsterNOS-VPP is an ideal solution.
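The virtual machine creation step in this guide has four settings that are easy to miss in the wizard: full memory reservation, the disk on an IDE controller, the management adapter, and the three passthrough ports. The following preflight check is an added example, not part of the original guide or of AsterNOS; it assumes the VM's `.vmx` file uses the usual VMware key names (`memSize`, `sched.mem.min`, `sched.mem.pin`, `pciPassthruN.present`), and the sample file content is constructed.

```python
import re

# Constructed sample .vmx content (assumption: typical key names, made-up values).
SAMPLE_VMX = '''
memSize = "8192"
sched.mem.min = "4096"
sched.mem.pin = "FALSE"
ide0:0.present = "TRUE"
ide0:0.fileName = "asternos-vpp.vmdk"
ethernet0.present = "TRUE"
ethernet0.networkName = "VM Network"
pciPassthru0.present = "TRUE"
pciPassthru1.present = "TRUE"
pciPassthru2.present = "TRUE"
'''

def parse_vmx(text):
    """Parse key = "value" lines into a dict with lower-cased keys."""
    pairs = re.findall(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$', text, re.M)
    return {k.lower(): v for k, v in pairs}

def preflight(text, data_ports=3):
    """Return the list of settings that deviate from the guide's VM profile."""
    cfg = parse_vmx(text)
    problems = []
    # "Reserve all guest memory": pinned, or reservation covers the full size.
    mem = int(cfg.get("memsize", "0"))
    reserved = int(cfg.get("sched.mem.min", "0"))
    pinned = cfg.get("sched.mem.pin", "").upper() == "TRUE"
    if mem == 0 or not (pinned or reserved >= mem):
        problems.append(f"memory not fully reserved ({reserved}/{mem} MB)")
    # One passthrough device per data port (Ethernet2..Ethernet4 in the guide).
    passthru = [k for k, v in cfg.items()
                if re.fullmatch(r"pcipassthru\d+\.present", k) and v.upper() == "TRUE"]
    if len(passthru) < data_ports:
        problems.append(f"{len(passthru)} passthrough devices, expected {data_ports}")
    # Every attached .vmdk must sit on an IDE controller.
    buses = [m.group(1) for k, v in cfg.items()
             if (m := re.fullmatch(r"(ide|scsi|sata|nvme)\d+:\d+\.filename", k))
             and v.lower().endswith(".vmdk")]
    if not buses or any(b != "ide" for b in buses):
        problems.append("disk is not attached to an IDE controller")
    # Network Adapter 1 (vSwitch0) provides Ethernet1, the management port.
    if cfg.get("ethernet0.present", "").upper() != "TRUE":
        problems.append("no virtual NIC for Ethernet1 (management)")
    return problems

if __name__ == "__main__":
    for line in preflight(SAMPLE_VMX) or ["all checks passed"]:
        print(line)
```

Run it against a copy of the VM's `.vmx` file from the datastore before the first power-on; an empty result means the four settings match the guide.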
