Connect GNS3 to ESXi

Introduction

As far as I can tell, there’s no great way to make this happen. I will explain, but to give you an image up front, below is a diagram of what I did. It may seem daunting at first, but I’ll explain as we go along.

[Image: gns3-esxi-diagram]

Set Up Description

My GNS3 server is running on a VM on my ESXi host. In my case, I was running GNS3 on top of Ubuntu 15.10. My GNS3 server has four interfaces relevant to this problem. Interface eno16777984 connects from the VM to the default vSwitch0, which has access to the ESXi server’s one real network interface card. Interface eno33557248 connects to a second virtual switch I created, vSwitch1. This is the switch to which I connected the virtual machines I wanted to connect into my GNS3 topology. The interface tap1 is a loopback interface on the GNS3 server, which I used to connect into my GNS3 topology. Interface br0 bridges the tap1 interface to interface eno33557248. The bridge connects the virtual network created by vSwitch1 to my GNS3 topology.

Flow summary: VM hosted on ESXi -> vSwitch1 -> eno33557248 (GNS3 server)-> br0 (GNS3 server) -> tap1 (GNS3 server) -> GNS3 cloud

Apology: Sorry about the wonky interface names. Not sure why ESXi causes Ubuntu to generate such bizarre names.

Limitations

The limitation of this solution is that you may have to implement it multiple times if you want to connect different ESXi VMs into different locations within your GNS3 topology. For example, vSwitch1 could be used to service all the DMZ machines in a GNS3 topology. However, if you want to plug the ESXi VMs into a different location, say at the access layer, you will need to set up another iteration of this solution in its totality.

Configure ESXi Server

  1. Select your ESXi server, go to configuration->Networking
  2. Click Add Networking, Virtual Machine, Create a vSphere standard switch, label it and put it in a VLAN – I used VLAN 2, click finish
  3. On your GNS3 server, add a virtual NIC which is connected to your newly created vSwitch
  4. On your newly created vSwitch go to properties, highlight your newly created network (the one you named, not the one that says vSwitch), click edit, go to security, then click the checkbox next to promiscuous mode and change the setting to accept. This setting is not ideal and this technique should not be used in production networks. It essentially turns the vSwitch into a hub. I didn’t delve into depth on the issue, but I noticed vSwitch does not handle bridge traffic properly. It will forward layer two traffic, but not layer 3. This setting is required for the bridge we create later on to work. As best as I can tell, it looks like vSwitch doesn’t learn the MAC addresses from the other network, so it doesn’t forward destination traffic properly.

[Image: esxi]

My final configuration looked like this:

[Image: esxi-configuration]

Configure GNS3 Server Interfaces

This is the tricky part of the operation. Credit goes to knowosielski for his post here for illustrating how to connect an interface into the GNS3 topology.

Create a Virtual Interface

  1. Create a shell script with the following content and put it in your location of choice (i.e. /scripts/<SCRIPT NAME>)

#!/bin/bash

#Set TAP1
tunctl -u husband

#Configure TAP1
ifconfig tap1 up

WARNING: Your tap interface may come up as tap0. That’s fine. When I set this up, I already had a tap0 so mine came up with tap1. If yours comes up as tap0, simply adjust the following steps accordingly.

  2. Modify the line “tunctl -u husband” and replace “husband” with the user name you want to have access to the interface.
  3. Save the script and make it executable with chmod +x <SCRIPT_NAME>
  4. Test the script by running it, then do an ifconfig and make sure tap1 is there. (Reminder, yours may come up as tap0, adjust steps accordingly if this is the case.)
  5. Modify “/etc/rc.local” to run this script every time the system starts. Add the line sudo <PATH_TO_SCRIPT>/<NAME_OF_SCRIPT> BEFORE the line exit 0. If you do not add the line before exit 0 it will not work. In mine I added the line sudo /home/husband/GNS3/script/tap
  6. Consider testing to make sure everything works by rebooting the system.

Create the Bridge Interface

  1. If you don’t already have them, run sudo apt-get install bridge-utils
  2. Run sudo vim /etc/network/interfaces and add the line auto eno33557248, or whatever the name of your VM’s second interface is. This should be the interface which resides in your newly created ESXi virtual network, which in my case was on vSwitch1.
  3. Now add the following lines:

# Bridge between tap1 and eno33557248
auto br0
iface br0 inet manual
bridge_ports tap1 eno33557248
bridge_stp off

  4. At this juncture, I strongly recommend you do a reboot and make sure that everything works. If you skip this, troubleshooting down the line will probably be more challenging.
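
One way to do the post-reboot check on the GNS3 server, as an added example that is not part of the original post: it reads the kernel's bridge state from sysfs and reports whether br0 exists, whether tap1 and eno33557248 are both members, and whether STP is off as configured above. The SYSFS_NET variable and the function names are assumptions of this example.

```shell
#!/bin/bash
# Added example: verify the br0 / tap1 / eno33557248 layout described above.
# SYSFS_NET is an assumption of this example so the checks can be pointed at
# a test tree; on a real host the default /sys/class/net is what you want.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# bridge_has_port BRIDGE PORT -> returns 0 if PORT is a member of BRIDGE
bridge_has_port() {
    [ -e "$SYSFS_NET/$1/brif/$2" ]
}

# bridge_stp_off BRIDGE -> returns 0 if spanning tree is disabled
bridge_stp_off() {
    [ "$(cat "$SYSFS_NET/$1/bridge/stp_state" 2>/dev/null)" = "0" ]
}

# check_bridge BRIDGE PORT... -> prints one line per problem found and
# returns the number of problems (0 means the bridge matches the config)
check_bridge() {
    br="$1"
    problems=0
    shift
    if [ ! -d "$SYSFS_NET/$br/bridge" ]; then
        echo "FAIL: $br does not exist or is not a bridge"
        return 1
    fi
    for port in "$@"; do
        if [ ! -e "$SYSFS_NET/$port" ]; then
            echo "FAIL: interface $port is missing (did the tap script run?)"
            problems=$((problems + 1))
        elif ! bridge_has_port "$br" "$port"; then
            echo "FAIL: $port exists but is not a member of $br"
            problems=$((problems + 1))
        fi
    done
    if ! bridge_stp_off "$br"; then
        echo "FAIL: STP is enabled on $br, expected bridge_stp off"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: $br bridges $*"
    return "$problems"
}

# Run the check when arguments are given, e.g.:
#   ./check_bridge.sh br0 tap1 eno33557248
if [ "$#" -gt 0 ]; then
    check_bridge "$@"
fi
```

If your tap interface came up as tap0, pass tap0 instead of tap1.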

Configure GNS3

Now we’ll configure GNS3 itself. My setup was very simple for the sake of making sure everything works:

[Image: gns3_side]

  1. In GNS3 click “Browse all devices” and drop the cloud into your topology
  2. Right click on the cloud and select configure
  3. Go to the tap tab, type tap1 (or whatever your tap interface is named), and click add

[Image: gns3]

Now just drop a device in and connect it to the cloud and you should be up and running. I also tested this with the GNS3 ethernet switch and it worked fine. See screenshot below. This is a separate Ubuntu 15.10 server residing on my newly created ESXi vSwitch1, pinging through my GNS3 server and into the GNS3 topology.

[Image: gns32]

This set up took me a really long time (especially that bit with promiscuous mode – that took forever to figure out). If you have any questions feel free to comment.

7 thoughts on “Connect GNS3 to ESXi”

  1. Reply

    Jitesh

    How to do the shell script concept in Windows?

    1. Reply

      grantcurell@gmail.com Post author

      There is no way to do this natively in Windows.

  2. Reply

    john

    Can you have a trunk on this bridge, so allowing all VLANs?

    1. Reply

      grantcurell@gmail.com Post author

      I’m inclined to say yes, but I would need to know more specifically what you would like to do.

      1. Reply

        Anonymous

        Instead of one cloud for each connection, I can have a trunk and use VLAN tagging for multiple connections between ESXi hosts and GNS3 hosts

        1. Reply

          grantcurell@gmail.com Post author

          Ya, it’s a layer 2 bridge so it’s not doing any inspection of VLAN headers to my knowledge. I haven’t tried it out myself, but I don’t see any reason that wouldn’t work with the one drawback being all of your hosts will have to connect to a single point in the network.

  3. Reply

    Naro H

    Man, this is a great find, been struggling with this for a few days!
    So far I am having trouble with “3. On your GNS3 server, add a virtual NIC which is connected to your newly created vSwitch”
    Within my vSphere Web Client, when I add a 2nd interface (eth1) to my GNS3 VM it breaks my ability to ssh into my first interface of eth0, so alternatively if I manage the GNS3 VM via the remote console my GNS3 VM loses internet connectivity via eth0 as well.
    Have not quite wrapped my head around what is wrong yet.
