
VMware ESXi

Learn how this leading hypervisor works on Packet bare metal.


The Basics

Packet supports ESXi 6.5 as an installable operating system for most of its x86 bare metal server configurations. With VMware ESXi, you can easily partition your server into virtual machines.

Note: this option is not available on our c1.large.arm ARMv8 server.

vSphere Access

By default, our ESXi image injects a root password (which can be used for the ESXi Web Interface and the SOS Console login prompt), in addition to any SSH keys you may have opted for while configuring your server. Our portal will display the root password for the first 24 hours. After that, the root password will no longer be visible for security reasons, so please make a note of it or change it to one you know. Your SSH key will work for the lifespan of the system, but be aware that ESXi does not support cloud-init, so adding an SSH key via the portal or API will not add it to the host for the root account. This will need to be done manually.

ESXi SSD Performance Bug

If you have noticed degraded performance on your ESXi deployment, there is a known bug that you can read more about here. However, as of 6.5 Update 1 this issue is resolved. All new installs of ESXi 6.5 have this update applied.

The following command will correct the performance issue by allowing ESXi to revert to legacy AHCI.

esxcli system module set --enabled=false --module=vmw_ahci

ESXi Root Lockout

In ESXi 6.0+, a security feature was implemented to lock out the root user for safety. After a number of failed login attempts, the server will trigger a lockout. This is a good safety measure when you have public-facing servers, and it is important even for internally exposed servers on your corporate network. We can't always assume that external bad actors are the only ones attempting to breach your devices.

During provisioning, our platform injects SSH keys into the device and disables password-based logins over SSH. Under normal circumstances, this prevents lockouts caused by bad actors attempting to brute-force SSH logins. You can use those keys to reset the root lockout by running the command:

[root@esxi6:~] pam_tally2 --user root --reset

The output includes the number of failed attempts, the date of the latest failure, and the IP address it came from:

Login           Failures Latest failure     From
root                132  11/29/17           61.167.12.10
[root@esxi6:~]

Once the reset has been completed, we suggest using the ESXi firewall to limit access to the default SSH port 22 to authorized sources only and/or changing the default port to something specific to your use case.
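
One way to apply the firewall suggestion above, as an added example that is not part of the original article: a dry-run helper that validates a source allowlist and prints the esxcli commands restricting the sshServer ruleset. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the esxcli commands that restrict the sshServer
# firewall ruleset to an allowlist. Nothing is executed; commands are printed.

# Accept only an IPv4 address or IPv4 CIDR block (a.b.c.d or a.b.c.d/nn).
valid_ipv4_cidr() {
    echo "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# Print the commands for ruleset $1 and the allowed sources that follow.
# Refuses to emit anything if the list is empty or an entry is malformed,
# so a typo cannot produce a ruleset that allows nobody.
ssh_allowlist_cmds() {
    ruleset=$1; shift
    [ "$#" -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # The allowed-IP list only takes effect once allowed-all is false.
    echo "esxcli network firewall ruleset set --ruleset-id=$ruleset --allowed-all=false"
    for src in "$@"; do
        echo "esxcli network firewall ruleset allowedip add --ruleset-id=$ruleset --ip-address=$src"
    done
    # Final command lists the result so the allowlist can be verified.
    echo "esxcli network firewall ruleset allowedip list --ruleset-id=$ruleset"
}

# Constructed sample: one admin workstation and one office range.
ssh_allowlist_cmds sshServer 198.51.100.7 203.0.113.0/24
```

Review the printed commands before running them on the host, and keep a second way in (such as the SOS Console) available until the listed allowlist has been confirmed.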

ESXi Licensing

Packet does not offer licensing for ESXi at this time. By default, the OS comes with a 60-day evaluation license. If you would like to use it beyond the 60 days, you will need to acquire a license from VMware and activate it on your Packet machine(s) directly.

ESXi Networking

Every new ESXi server comes with a default /29 Public IP block where you have 4 usable IPs for your VMs. Of these 8 IPs:

 1st - network
 2nd - gateway
 3rd - management
 4th - available
 5th - available
 6th - available
 7th - available
 8th - broadcast

If you need more IPs, we also offer the ability to provision with a custom /28 Public IP block. With this bigger block, you will have 12 usable IPs. From the portal, when provisioning a new server, after selecting ESXi as the OS, you will see an additional option under Manage

Note! These additional IPs will be charged at the regular public IPv4 rate of $0.005/hr per IP.

Networking Between Hosts Using Layer 2

The particular use case outlined here assumes that you have 2 ESXi hosts in a cluster in the same datacenter. Using our Layer 2 feature is a great way to connect virtual machines in ESXi together via a private network.

Note: L2 is readily available in our AMS1, EWR1, NRT1, and SJC1 locations.

vSwitch0 & Private Network Connectivity

In the default setup, you should have two vmkernel interfaces configured with vSwitch0: one with the management IP address assigned during provisioning and one with the private network address, also assigned during provisioning. By default, only one of the physical NICs is connected to vSwitch0. This is because the Packet network uses LACP for network link bonding, which is not an option in the free version of ESXi.

Example Network Outputs: 

[root@centos1 ~]# ip a | grep ens
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 147.75.92.27/29 brd 147.75.92.31 scope global ens192
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 192.168.0.11/24 brd 192.168.0.255 scope global ens224

[root@centos2 ~]# ip a | grep ens
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 147.75.92.28/29 brd 147.75.92.31 scope global ens192
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 192.168.0.12/24 brd 192.168.0.255 scope global ens224

[root@centos1 ~]# ping -c2 192.168.0.12
PING 192.168.0.12 (192.168.0.12) 56(84) bytes of data.
64 bytes from 192.168.0.12: icmp_seq=1 ttl=64 time=0.402 ms
64 bytes from 192.168.0.12: icmp_seq=2 ttl=64 time=0.270 ms

--- 192.168.0.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.270/0.336/0.402/0.066 ms

[root@centos2 ~]# ping -c2 192.168.0.11
PING 192.168.0.11 (192.168.0.11) 56(84) bytes of data.
64 bytes from 192.168.0.11: icmp_seq=1 ttl=64 time=0.382 ms
64 bytes from 192.168.0.11: icmp_seq=2 ttl=64 time=0.233 ms

--- 192.168.0.11 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.233/0.307/0.382/0.076 ms


External Resources for ESXi / VMware Users

vSphere 6.x
ESXi 6.x


  1. Mo Lawler
