VMware vSphere

I have a dedicated server in the cloud with a /29 block of static IPs. One of the public IPs has been assigned to the first vmknic. This means that I can only manage ESXi from the internet. For security reasons, I want to add a second management interface on the internal side and then eventually disable the public management. I've successfully added vmk1 and assigned it an internal address. My VM (placed on the same subnet) can ping the vmk1 IP, but nothing outside of the subnet, which I assume is because the vmk1 nic has no routes/default gateway.

I tried adding the route from the CLI using "esxcli network ip route ipv4 add -n 10.100.1.2/24 -g 10.100.1.1" but I receive "Unable to Set: Sysinfo error: Network unreachableSee VMkernel log for details."

How can I get the static route added for the second to-be internal management interface?

Hi,

I'm adding a sample of command down. You can try that. I use it actively.

esxcli network ip route ipv4 add ---gateway 172.x.x.x ---network 195.x.x.x/28

Thanks.

I tried using the command using the syntax provided, but I receive the same error.

Hi,

I ran the command, I'm not getting an error. Can you check again?

[root@esxi01:~] vmware -vl

VMware ESXi 6.7.0 build-8169922

VMware ESXi 6.7.0 GA

[root@esxi01:~] esxcli network ip route ipv4 add --gateway 192.168.1.254 --network 172.23.100.0/24

[root@esxi01:~] esxcli network ip route ipv4 list

Network       Netmask        Gateway        Interface  Source

------------  -------------  -------------  ---------  ------

172.23.100.0  255.255.255.0  192.168.1.254  vmk0       MANUAL

192.168.1.0   255.255.255.0  0.0.0.0        vmk0       MANUAL

[root@esxi01:~]

I've tried a couple times, no such luck. Could it be a misconfiguration somewhere else in the vmknic? Is there something else I can check that would lead to the cause? The log in the VMkernel log it suggests is useless.

Can you give me a screenshot of the command you're working on?

[root@esxi01:~] esxcli network ip route ipv4 add --gateway 192.168.1.254 --network 172.23.100.0/24

Please send an example of the above command.

Can you check it please, with the old CLI esxcfg-route and give me the result?

esxcfg-route -d target_network_IP netmask default_gateway

I tried the old CLI command, I received

Deleting static route 192.168.0.0/21 from VMkernel

Error: Unable to find route 192.168.0.0/21 with gateway 192.168.100.1

I am able to ping from said gateway to the NIC on the esxi server holding an IP within the same subnet as the mentioned gateway NIC.

Please check is there any related route of that subnet?

esxcli network ip route ipv4 list

There is not, the only two routes shown are from the vmk0 interface which is the default stack interface, which has a default gateway of the public IP and the public IP network with a gateway of 0.0.0.0.

Did you check the default gateway is in the /29 block of IP addresses or not?

The default gateway currently for the "default stack" is the default gateway of my public /29 block.

At last I think it's better to check this link anyway, maybe guide you better to achieve your goal. VMware mentioned:

Each ESXi/ESX VMkernel's network stack does not support multi-homing or multiple routing tables.

The VMkernel TCP/IP stack uses a single routing table to route traffic. If you have multiple VMkernel network interfaces (vmknics) that belong to the same IP subnet, the VMkernel TCP/IP stack picks one of the interfaces for all outgoing traffic on that subnet as dictated by the routing table.

BTW you can try to add the static route with host profile. Check it after all ...

I'm not trying to put the nics into the same subnet. Essentially i want one of them to be "public" and one to be "private"

So the real problem here is my lack of understanding of how TCP/IP stacks function within ESXi. I have created a custom IP stack in order to make a routing and separate default gateway. But I can't change any of those parameters within the GUI. All I can change is the default gateway, which errors out saying there is no DNS set. What gives?

DNS servers and default gateway are two different issues and separate criteria, although both of them will be configured in the TCP/IP stack of VMKernel port.

esxcli network ip interface ipv4 set –i vmknic -t static –g IPv4 gateway -I IPv4 address -N mask

And to create a custom TCP/IP stack:

esxcli network ip netstack add -N="stack_name"

Also, remember this note: You can change the DNS and default gateway configuration of the default TCP/IP stack only. Changing the DNS and default gateway configuration of custom TCP/IP stacks is not supported.

there is no DNS set

If there is no real DNS server, please set for example 127.0.0.1 as the DNS server and check it again.