It is possible to use a Silicom bridge card in hypervisor hardware in order to facilitate bypass NIC functionality on a Virtual Exinda Appliance running on VMWare. The Silicom Driver must be installed in the ESXi.
The procedure to install the Silicom Bypass Driver for ESXi versions 4.1 and 5.0 can be found on page 18 of the Exinda VMware Quick Start Guide.
The configuration procedure for ESXi versions 5.1, 5.5, 6.0 is described in this article.
- Enable SSH on your ESX system:
- Enable SSH through the CLI:
- In the /etc/ssh/sshd_config set the following variable: PermitRootLogin yes
- Restart the sshd service:
# service sshd restart
- Enable local or remote TSM from the Direct Console User Interface (DCUI):
- At the DCUI of the ESXi host, press F2 and provide credentials when prompted.
- Scroll to Troubleshooting Options, and press
- If you want to enable local TSM, select Local Tech Support and press
Enteronce. This allows users to log in on the virtual console of the ESXi host.
- If you want to enable remote TSM, select Remote Tech Support (SSH) and press
Enteronce. This allows users to log in via SSH on the virtual console of the ESXi host. Recommendation: Have your virtual Exinda already installed with the number of interfaces already set, keep it turned off, we will work with it later.
- Enable SSH through the CLI:
- Query the existing VIBs. In maintenance mode, run the following command (note: If the VIB you are deploying exists, you must remove it):
# vim-cmd /hostsvc/maintenance_mode_enter
- Run the following command to determine if any existing VIB matches the VIB you are deploying (if there are no matches with your VIB, skip the next step):
# esxcli software vib list | grep bpvm
- Remove the existing VIB if it already exists by running the following command:
# esxcli software vib remove -n net-bpvm
- Download the Silicom Driver for ESXi 5.1, 5.5, 6.0 from:
- Copy the driver into the ESX system with SCP or SFTP and drop it in the /tmp directory:
# scp net-bpvm-220.127.116.11-1OEM.510.0.0.802205.x86_64.vib root@<esx-serverip>:/tmp
- Deploy the VIB on the ESX system:
# esxcli software vib install -v /tmp/net-bpvm-18.104.22.168-1OEM.510.0.0.802205.x86_64.vib --no-sig-check
- Reboot the appliance:
- When the ESXi server is back, verify that a new network adapter named bpvm0 is listed under Configuration > Network Adapters:
Note: The bridge interfaces of the Silicom card will now show up with the following duplex/speed settings if disconnected:
- Create two standalone vSwitches and:
- Assign the LAN interface of the bridge to one of the vSwitches.
- Assign the WAN interface of the bridge to the other.
Important: Configure both standalone switches with Promiscuous Mode and accepting all VLANs (4065).
- Check the Configuration > Networking settings to see if the bvpm0 adapter is already attached to a standalone vSwitch that is not one of the ones created in the previous two steps. If that is the case, simply disconnect that bvpm0 adapter from it and assign it to the vSwitch that is currently connected to the LAN interface of the virtual Exinda, use the following command:
# esxcfg-vswitch -L bpvm0 vSwitch<NUMBER>
Note: It is possible that the above command fails with an error saying that the bpvm0 uplink already exists or that the device is busy; if that is the case, reboot the ESXi server one more time with the
# rebootcommand or using GUI: right-click on the server > Reboot > Yes > OK.
- Connect the physical interfaces (cables) of the bridge to its peers (usually the core switch and the router/firewall).
- Turn the Exinda ON.
When Exinda comes back you should see the following:
- The bypass capability available and the duplex/speed negotiations pointing to the right values.
- One vSwitch should have both the LAN interface of the bridge and the bpvm0 driver while the other vSwitch has the WAN interface of the bridge.
In the below example, the virtual Exinda is configured with four interfaces, the first two are standalone interfaces while the last two are for bridging purposes: