Recently, I tried to install the newest version of pfSense on VMware, but I kept running into a few strange things.

The first one is that whenever I vMotion, the order of the virtual NICs gets scrambled, and so do the network segments assigned on pfSense. For example, VLAN 2, originally on the first virtual NIC, moves to the second one. The same thing also happened on the other VLAN segments.

After a few tests, I found that as long as I reassigned the virtual network cards in the correct order and then vMotioned again, it went back to normal. Apparently, it may be related to my cheap VMware HA environment: I have two hosts with the same CPU spec but different motherboard models.

Because of this, for now my VMware HA cannot do an online vMotion. The system always complains that two CPU features are missing, which I guess is due to the different motherboards. That was careless of me; at the beginning, I thought this kind of situation would not happen if I used two identical CPU models.

I searched on Google and found out that the EVC functionality needs to be enabled, but I am not using Xeon CPUs. Even when I tried to enable EVC in my VMware HA, I went through every EVC mode and none of them matched the two PCs. So right now, all I can do is an offline vMotion after the virtual host is shut down.

Anyway, it's just a semi-lab environment, so I can accept it for now. If I have time, I will shut down one of the VMware servers to check the CMOS, hoping I can make the two hosts consistent with each other.

The second strange thing is that when I enable just two legs of the firewall (pfSense), that is, WAN and LAN, everything is fine.

But then I added two more of my internal VLANs to pfSense. At the beginning, when I did local pings in each network segment, they all passed and worked fine, but for some reason, after two days I found that only WAN and LAN were still working well; the other two VLAN segments were malfunctioning.

This made me suspect that my VLAN trunking was set up wrong, but after investigating the switch and VMware configuration, I found that was not the cause. From another VM, I pinged other VMs assigned to the same VLANs that were malfunctioning on pfSense, and all of them were working fine.

If VLAN trunking were the problem, the same VLANs on all the other VMs should also be malfunctioning.

The last thing I could do was check the settings of the virtual network cards on that virtual host. I tried disabling DirectPath I/O, and then a miracle happened: the malfunctioning VLANs, VLAN 2 and VLAN 68, returned to normal.

Another strange thing is that I don't need to disable DirectPath I/O on the LAN and WAN network segments.

I never encountered this kind of situation when I was running the old version of pfSense with VMware 6.0.

Right now I am using VMware 6.7, mainly because I still have not bought a NIC that supports VMware 7.0, so I will just make do with it.

After all, sometimes the newest version might not be the best option.

I have decided to observe it for a few more days first.

By Kevin
