[Simh] EXT :Re: VAX networking issue

Hittner, David T [US] (MS) david.hittner at ngc.com
Mon Jun 10 10:13:19 EDT 2019


VMware is somewhat inconsistent in what triggers their network security to block access. It's some bizarre internal algorithm. I've had VMware allow network access for months and then all of a sudden shut off network access with no apparent change to the configurations or usage of the VMs. I've even seen the VMware network suddenly block working network access because someone pinged the IP address of the VM hosting SIMH machines. :-(

There are ways to fine-tune the allowed network access via configuration files to keep the overall enhanced security level up without enabling promiscuous mode, but you'll have to RTFM the VMware documentation.


-----Original Message-----
From: Zane Healy [mailto:healyzh at avanthar.com] 
Sent: Saturday, June 8, 2019 4:48 PM
To: Hittner, David T [US] (MS) <david.hittner at ngc.com>
Cc: Mark Pizzolato <Mark at infocomm.com>; simh <simh at trailing-edge.com>
Subject: Re: EXT :Re: [Simh] VAX networking issue

Thanks!  Putting the vSwitch into promiscuous mode did the trick.

What’s really strange is that a VM on host1 would work, but not host2 or host3, until I made that change.  Yet, none of them were set to promiscuous.

Zane



> On Jun 7, 2019, at 8:36 AM, Hittner, David T [US] (MS) <david.hittner at ngc.com> wrote:
> 
> VMware has put some serious security enhancements on network ports in the last few releases to prevent spoofing and otherwise tighten network security to best practices.
> 
> You might try enabling promiscuous mode on the vSwitch that you have the VM connected to and see if that solves the "two mac addresses coming from the same network port" problem.
> The vSwitch promiscuous mode is set to "reject" by default.
> 
> David
> 
> -----Original Message-----
> From: Simh [mailto:simh-bounces at trailing-edge.com] On Behalf Of Zane Healy
> Sent: Thursday, June 6, 2019 4:21 PM
> To: Mark Pizzolato <Mark at infocomm.com>
> Cc: simh <simh at trailing-edge.com>
> Subject: EXT :Re: [Simh] VAX networking issue
> 
> 
>> On Jun 6, 2019, at 2:11 PM, Mark Pizzolato <Mark at infocomm.com> wrote:
>>
>> The above output is suspicious since it doesn't say that the XQ device has been attached to any interface.
>> 
>> What is the output of SHOW ETHER on this simulator?
>> Are you running as ROOT (which is required for network functionality on Linux unless you are using VDE Ethernet)?
>> Is the VM Hypervisor you're running under configured to pass arbitrary MAC addresses out of that VM?
>> 
>> Apart from these considerations relating to basic packet capabilities, once you have any networking functionality, you may encounter a problem that has been reported on some Linux systems.  You're not encountering this now, but if you do, you should add the following line to your configuration file:
>> 	sim> SET CLOCK NOCATCHUP
>> 
>> The problem that is not always observed will be fixed soon and the SET CLOCK NOCATCHUP will no longer be necessary.
>> 
>> - Mark
>> 
> 
> I just figured out that this is a VMware issue.  I’m going to have to do some checking.  I have a 3 system VMware cluster.  Two of the systems are HP SFF PC’s, the third is an HP DL380 G7.  I just migrated the VM over to one of the SFF systems, and it works.  The SIMH/VAX is now a member of the cluster.
> 
> I was unaware of SHOW ETHER, that should help me see what’s going on.  I’ll shut the VM down and migrate it back to the DL380.
> 
> Zane
> 