Topic: Preferred way to configure LAG/port bonding with ESXi (Read 2198 times)
onosan
Newbie
Posts: 3
Karma: 0
Preferred way to configure LAG/port bonding with ESXi
« on: July 26, 2021, 06:17:11 pm »
I'm fairly confident in network configuration and deployed the setup below at home (see the diagram attached).
- OpnSense as a VM on ESXi 6.7
- ESXi is connected to a Cisco switch with static LAG/link bonding. ESXi interface is passed to OpnSense directly. VLANs are configured on OpnSense and the switch
- No High-availability or IDP configured on OpnSense. Rules are completely permissive for troubleshooting at this point
- There is a wireless L2 Cisco AP on a trunk to the switch. The AP is definitely configured correctly, as it works for all clients when connected to other home-grade routers
Issues: Generally the setup works, but there is an issue for some wired and wireless clients - they are not able to ARP OpnSense (and therefore not getting L3 connectivity and DHCP as well). No clear pattern. Some clients can be completely fine, some can never connect (e.g. RaspPi on my picture).
Suspicion: Obvious reason for such behavior would be a LAG/bonding algorithm mismatch, however I have "source MAC" set on both sides (ESXi and the switch).
Another suspicion would be LAG interfaces misconfiguration on the switch or ESXi, which doesn't seem to be the case.
QUESTIONS:
Which of the following is a preferred way to configure switch<>OpnSense in VM link bonding/LAG?
1. The way it is configured now: ESXi bonds the interfaces and passes them as one interface to the VM. VLANs are configured on OpnSense
2. Same as 1, but VLANs are terminated on ESXi. ESXi then passes multiple interfaces (for each VLAN) to OpnSense.
3. Pass ESXi interfaces directly to OpnSense without bonding. Configure bonding/LAG and VLANs on OpnSense
Any other tips to make it work reliably?
Thank you
Patrick M. Hausen
Hero Member
Posts: 6825
Karma: 573
Re: Preferred way to configure LAG/port bonding with ESXi
« Reply #1 on: July 26, 2021, 06:52:19 pm »
ESXi without a vCenter license does not support LACP, only static bonding which is notoriously failing under unreproducible circumstances. I'd do a PCI passthrough of two network interfaces if the system has got enough interfaces to spare. Then do LACP based bonding and VLANs on the OPNsense. I have that running here with a dedicated OPNsense system and a Cisco 2960L - works like a charm.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
onosan
Newbie
Posts: 3
Karma: 0
Re: Preferred way to configure LAG/port bonding with ESXi
« Reply #2 on: July 26, 2021, 09:54:30 pm »
Perfect, I will try that!