OverviewIt is possible to use a Silicom bridge card in hypervisor hardware in order to facilitate bypass functionality on a Virtual Exinda Appliance running on VMWare. The Silicom Driver needs be installed in the ESXI. The procedure is different for EsXI versions 4.1, 5.0, 5.1 and 5.5
The procedure for 4.1 and 5.0 can be found in the following document (from page 18):
Follow the next procedure for 5.1 and 5.5:
Install the Silicom Bypass Driver on ESXi 5.1 and 5.5
1. Enable SSH on your ESX system.
- Enable SSH through the CLI.
b. Restart the sshd service.
# service sshd restart
- Enable local or remote TSM from the Direct Console User Interface (DCUI).
b. Scroll to Troubleshooting Options, and press Enter.
c. If you want to enable local TSM, select Local Tech Support and press Enter once.
This allows users to login on the virtual console of the ESXi host.
d. If you want to enable remote TSM, select Remote Tech Support (SSH) and press Enter once.
This allows users to login via SSH on the virtual console of the ESXi host.
Recommendation: Have your virtual Exinda already installed with the number of interfaces already set, keep it turned off, we will work with it later.
2. Query the existing VIBs.
Make sure you are in maintenance mode:
# vim-cmd /hostsvc/maintenance_mode_enter
If the VIB you are deploying exist, you must first remove the existing VIB.
3. Run the following command to determine if any existing VIB matches the VIB you are deploying.
# esxcli software vib list | grep bpvm
If there are no matches with your VIB, skip the next step.
4. Optional: Remove the existing VIB.
# esxcli software vib remove -n net-bpvm
5. Download the Silicom Driver for EsXI 5.1-5.5 (Request it to Exinda TAC by opening a case)
6. Copy the driver into the ESX system with SCP or SFTP, drop it on the /tmp directory
# scp net-bpvm-126.96.36.199-1OEM.510.0.0.802205.x86_64.vib root@<esx-serverip>:/tmp
7. Deploy the VIB on the ESX system.
# esxcli software vib install -v /tmp/net-bpvm-188.8.131.52-1OEM.510.0.0.802205.x86_64.vib --no-sig-check
8. Reboot the appliance.
9.- When the ESXI server comes back, verify that a new network adapter named Òbpvm0Ó is listed under Configuration?Network Adapters:
NOTE: The bridge interfaces of the silicom card will now show up with the following duplex/speed settings if disconnected:
10.- Create two standalone vSwitches, and assign the LAN interface of the bridge to one of them and the WAN interface of the bridge to the other (Configure both standalone switches with Promiscous Mode and accepting all VLANs (4065).
11.- Look around in the Configuration?Networking configuration to see if the bvpm0 adapter is already attached to a standalone vSwitch that is not one of the ones created in the previous two steps. If that is the case, simply disconnect that bvpm0 adapter from it and assign it to the vSwitch that is currently connected to the LAN interface of the virtual Exinda, use the following command:
# esxcfg-vswitch -L bpvm0 vSwitch<NUMBER>
NOTE: It is possible that the above command fails saying that the bpvm0 uplink is already existing or that the device is busy, if that is the case, reboot the ESXI server one more time with the ÒrebootÓ command
12.- Connect the physical interfaces of the bridge to its peers (usually the core switch and the router/firewall).
13.- Turn the Exinda ON
When the exinda comes back you should see the bypass capability available and the duplex/speed negotiations pointing to the right values. One vSwitch should have both the LAN interface of the bridge and the bpvm0 driver while the other vSwitch will have the WAN interface of the bridge, refer to the below pictures (In the below example, the virtual exinda is configured with 4 interfaces, the first two are standalone interfaces while the last two are for bridging purposes):