The Insecure Wire

a network engineers perspective

Configuring Cisco VIRL External Connectivity on ESXi

So I recently built a Cisco VIRL lab on VMware ESXi. One of the issues I was having was layer 2 external connectivity from VIRL using the shared flat network object.
Essentially shared networks FLAT and FLAT1 within VIRL are layer 2 Linux bridge adapters that bridge eth1 and eth2 from the VIRL openstack config to the vSwitch.

FLAT (VIRL Openstack) -> br1 -> eth1
FLAT1 (VIRL Openstack) -> br2 -> eth2

The problem was that from VIRL and within simulations ARP requests were not getting through the bridge adapter. To fix this I edited the bridge config to bind it the eth1 and eth2 like so:

sudo nano /etc/network/interfaces.d/br1.cfg
bridge_ports dummy1 eth1
sudo ifdown br1
sudo ifup br1

Repeat this for the other bridge adapter (FLAT1 br2.cfg and dummy2 should pair with eth2).
This resolved the issue for my configuration. Simulations once routing was configured are able to connect to the Internet via the FLAT network.
There are lots of posts on the Cisco support forums for this issue of which there are varying solutions. Along with the above Linux bridge configuration fix there is also:
1. Make sure the vswitch port groups are set to allow promiscuous mode, allowed forged transmits and allow mac address changes.
2. Set the vswitch port groups load balancing method to source mac hash.
3. If your using UCS and fabric extenders make sure your uplink port is set to native vlan if your using untagged ports.

VIRL LAB

Links:
How to: Add Interfaces and Networks to VIRL PE
Cannot ping/SSH to sim nodes in FLAT
Having trouble to connect my physical lab to VIRL