00: Lab Setup

This doesn’t really form part of the series but it’s helpful note for me to remember how I did this.  I don’t have four machines available but I do have an Dell R710 which will virtualise everything else.

On the R710, I installed ESXi 6.0.0 on the internal SD card using the DRAC to boot from the ISO file

I have created a virtual machine networks on that host as follows.  None have a physical adapter but importantly all have security mode set to promiscuous under vSwitch configuration.

  • LAB VM Network
  • LAB iSCSI Network – MTU set to 9000
  • LAB vMotion Network
  • LAB DMZ Network

image

To bridge the lab to the Internet, I initially used an OpenBSD VM to act as the router but once the firewall rules got complicated I switched to a Juniper vSRX as I’m familiar with JunOS.  Here’s the initial configuration

set interfaces ge-0/0/0 unit 0 family inet address 172.20.0.248/20
set interfaces ge-0/0/1 unit 0 family inet address 10.0.0.1/16
set security nat source rule-set outgoing from zone trust
set security nat source rule-set outgoing to zone untrust
set security nat source rule-set outgoing rule outgoing match source-address 10.0.0.0/16
set security nat source rule-set outgoing rule outgoing match destination-address 0.0.0.0/0
set security nat source rule-set outgoing rule outgoing then source-nat interface
set security policies from-zone trust to-zone untrust policy outgoing match source-address any
set security policies from-zone trust to-zone untrust policy outgoing match destination-address any
set security policies from-zone trust to-zone untrust policy outgoing match application any
set security policies from-zone trust to-zone untrust policy outgoing then permit
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh

The lab setup will require shared storage so I’m using to use an iSCSI target provided by Open-E DSS v7.

I’ve installed it in a VM with 2GB of RAM and a 500GB disk. I’ve used DHCP on the external network for management and I’ve set the internal IP address to 10.1.0.10/24. I’ve enabled jumbo frame support. Open-E DSS v7 is available on a 60 day trial basis.

Installing ESXi nested under ESXi is easier than ever before with ESXi 6.0.0.  The VMs were four CPUs and 16GB of RAM and a 2GB disk but due to RAM limitation the VDI ESXi hosts only had 12GB of RAM.

For each VM enable “Expose hardware assisted virtualization to the guest OS” which unfortunately can’t be set using the vSphere client.  I don’t want install vCenter to manage my ESXi host so I’ve experimented a little and found that placing these two lines in the VMX file has the same effect:

featMask.vm.hv.capable = "Min:1"
vhv.enable = "TRUE"

Each ESXi host has five network cards connected as follows

  • First network card to LAB VM Network
  • Second network card to LAB iSCSI Network
  • Third network card to LAB vMotion Network
  • Fourth network card to LAB VM Network
  • Fifth network card to LAB DMZ Network

Finally, install a Windows 8.1 VM to be used as the admin workstation