Configure

external connectivity using the FLAT

network (ESXi Server) in Cisco VIRL
Essentials
1.
2.
3.
4.

Access to network devices

Layer 3 switch or Router
Ability to add routes on gateway device
Administrator privilege

Before you begin

Plan for connectivity and choose the network IP schemes you will use for your VIRL environment. We
will be using VLANs 10, 20, 30; but you may choose any allowed VLAN ID youd like. Also, make
sure that you do not overlap subnets between VIRL and your existing environment. We will be using
VLAN 10: 172.16.1.0/24 for external connectivity in this document. Also, please note that we will be
using two vSwitch instances on the ESXi host. The first vSwitch (vSwitch0) will have connectivity to
the VIRL VMs eth0 port and the ESXi host for management access. The second vSwitch (vSwitch1)
will have all the port-groups for external connectivity. You can find how to connect the interfaces in the
install guide1.

Assumptions
During the remainder of this document were making the following assumptions:
You have installed VIRL on ESXi as per the install guide instructions; make sure your are using
one of the minimum supported versions:
o ESXi 5.1U2 (Build 1483097)
o ESXi 5.5U1 (Build 1623387)
o ESXi 6.0 (Build 2494585)
You have connected and configured your L3 switch or router to support your VIRL VLANs.
You have some understanding of basic routing.
You have access to your ESXi host and connected network devices.

http://virl-dev-innovate.cisco.com/client.php

VIRL White Paper

Page 1

Configure external connectivity using the FLAT network (ESXi Server)

Steps
Step 1 Configure static IP address for the management interface of the VIRL VM (recommended)
Step 2 Follow the instructions outlined in Step 10 of the installation guide to configure the IP
address of each VLAN. We need at least three VLANs that will coincide with each
network (FLAT, FLAT1, SNAT). In this example we are configuring the VLANs as per the
attached diagram.
NOTE:

In this example the gateway for VLAN10 is configured to be 172.16.1.2 (interface VLAN10). Because of this,
we must update /etc/virl.ini to use this interface instead of the default 172.16.1.1 as illustrated here:

## First flat connection (AKA flat)

## Physical Port and virtual bridge for L2 bridge
## Default
l2_port: eth1
## l2 network
## l2_network format is address/cidr format x.x.x.x/x
## Default
l2_network: 172.16.1.0/24
l2_mask: 255.255.255.0
l2_network_gateway: 172.16.1.2 <<< note change!

Step 3 Once you have finished and saved all changes to virl.ini ensure to continue the steps
to rehost and L2 kernel Patch the system. Note that there will be two reboots in order
to properly prepare the system.

Check Point
The virl.ini file should now reflect your physical network(s) in FLAT, FLAT1 and SNAT network
settings. Next, route statements in the physical router need to be configured. In this example, we are
using a Linksys WRT1900AC wireless router. Remember that route statements are written like this:
For destination network, the next hop is my next device on my network
Or
For any device in network 172.16.1.0/24, go to this device 172.16.50.4
This is what it looks like on the router. Note that your device may use different naming convention.

VIRL White Paper

Page 2

Configure external connectivity using the FLAT network (ESXi Server)

NOTE:

In this example, the router does not have the capability to create VLANs and VLAN interfaces. Because of this,
we are using a Cisco Catalyst 3520 (see diagram) switch to create SVI2 / Interface VLANs. Since this switch
understands routing, we are able to send all used networks to its gateway, which here is a WRT1900AC.

You can perform the same function using a router or firewall that supports the creation of sub-interfaces.
The next step assumes you are connecting your ESXi host NIC to either a Layer 3 switch or a Cisco
Router / Firewall. (If you are using a Cisco router, proceed to step 5.)
Step 4 Connect and define VLAN interfaces (SVI) on your L3 switch
# conf t
# interface vlan 1
# ip address 172.16.50.4
# interface vlan10
# ip address 172.16.1.2 255.255.255.0
# interface vlan20
# ip address 172.16.2.2 255.255.255.0
# interface vlan30
# ip address 172.16.3.2 255.255.255.0
Step 5 Create sub-interfaces for your networks
# conf t
# interface gi x/x.1
# encap dot1q 1
# ip address 172.16.50.4
2

SVI = Switched Virtual Interface

VIRL White Paper

Page 3

Configure external connectivity using the FLAT network (ESXi Server)

# interface gi x/x.10
# encap dot1q 10
# ip address 172.16.1.2 255.255.255.0
# interface gi x/x.20
# encap dot1q 20
# ip address 172.16.2.2 255.255.255.0
# interface gi x/x.30
# encap dot1q 30
# ip address 172.16.3.2 255.255.255.0
Step 6 Define the default route (The default route points upstream to your router. In this example
it has an IP address of 172.16.50.3)
# ip route 0.0.0.0 0.0.0.0 172.16.50.3
Step 7 Configure switch port(s) connecting to your ESXi server (vSwitch1) as trunk (dot 1q)
DO NOT do this if you are using a router or firewall as this step may not be applicable.
# switchport trunk encap dot1q
# switchport trunk allowed vlan 10,20,30
# switchport mode trunk
Step 8 Test connectivity from the VIRL VM. At this point you should be able to ping all VLAN
interfaces and the bridge port address on each VIRL network (172.16.x.254). If the pings
fail, ensure your route statements are correctly written. Remember that you need to be able
to reach your gateway and your gateway needs to be able to reach you. If the device you
are pinging from is on the same network, you should be able to ping its gateway with no
issue. If that is not the case, you need to make sure that your trunks and VLAN IDs are set
properly.
If you are on a device that is on a different network (or VLAN), and you are not able to
ping the gateway IP address of VLAN 10 then performing a traceroute should help with
finding the error.

Example
VIRL VM on VLAN 1 (172.16.50.12)
virl@virl:~$ ping 172.16.1.2
Pinging 172.16.1.2 with 32 bytes of data:
Reply from 172.16.1.2: bytes=32 time=2ms TTL=255
Reply from 172.16.1.2: bytes=32 time=2ms TTL=255
Reply from 172.16.1.2: bytes=32 time=2ms TTL=255
Reply from 172.16.1.2: bytes=32 time=2ms TTL=255
Ping statistics for 172.16.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 2ms, Average = 2ms

VIRL White Paper

Page 4

Configure external connectivity using the FLAT network (ESXi Server)

Example traceroute
VIRL VM on VLAN 1 (172.16.50.55)
virl@virl:~$ traceroute n 172.16.1.2
traceroute to 172.16.1.2 (), 30 hops max, 60 byte packets
1 172.16.50.3 0.656 ms 0.609 ms 0.583 ms
2 172.16.50.4 0.505 ms 0.575 ms 0.633 ms
3 172.16.1.2 0.392 ms 0.417 ms 0.456 ms
NOTE:

If you are on Linux or Mac the command is traceroute n 172.16.1.2 The d and n options return
the numeric value of the hop rather than trying to resolve the name of the device. If you do not use the
command options then it can take a very long time to complete. This is especially true on Windows machines.
The Windows equivalent command is tracert -d

Step 9 Create topology in VM Maestro with the Management Network setting set to Private
Simulation Network and add a Flat Connector to each device you want to connect
TIP:

If you have multiple devices you can save time by configuring the default route before you run ANK. To do
this, select your node(s) > AutoNetKit > scroll down to Global under Custom Configuration. Enter default route
or any other command you wish to include (see illustration / screenshot on the following page).

Step 10 Click Build initial configurations button to configure each device in the simulation and
start your simulation when ready.

VIRL White Paper

Page 5

Configure external connectivity using the FLAT network (ESXi Server)

Step 11 Once your simulation has started, each node connected to a Flat-x connector will be
configured with an interface into the Flat network and will receive an IP address. In this
example, this is our configured VLAN 10 of 172.16.1.0/24. As shown below, you should
be able to connect to any of those IP addresses.

VIRL White Paper

Page 6

Configure external connectivity using the FLAT network (ESXi Server)

Step 12 You should now be able to connect to your physical network and the Internet. This is
especially helpful for customizing your server images. Once connected to your server
running in the simulation you can download packages as needed from Ubuntu repositories.
This facilitates when the simulation requires a web, mail or light SQL server. Of course,
you are not limited to these but you will be limited to available resources on the server
image.
Happy connecting!

VIRL White Paper

Page 7

VIRL White Paper

VLAN40

VLAN30

VLAN20

VLAN10

VMK0

NIC1

interface FastEthernet0/21
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,30,40
switchport mode trunk

NIC2

VLAN1

VIRL VM

ESXi Host

eth4

Init.

vSwitch 1

eth3

eth2

eth1

eth0

SNAT

Flat1

Flat

vSwitch 0

L3 Switch
Interface vlan 01 IP: 172.16.50.4
Interface vlan 10 IP: 172.16.1.2
Interface vlan 20 IP: 172.16.2.2
Interface vlan 30 IP: 172.16.3.2
Default route 172.16.50.3

Router
IP: 172.16.50.3
Routes:
172.16.1.0/24 172.16.50.4
172.16.2.0/24 172.16.50.4
172.16.3.0/24 172.16.50.4

## address on the L2 bridge port for debugging?

## Default is
l2_address: 172.16.1.254/24

## l2 bridge first and last address for dhcp allocation

## Default
l2_start_address: 172.16.1.50
l2_end_address: 172.16.1.253

## l2 network
## l2_network format is address/cidr format x.x.x.x/x
## Default
l2_network: 172.16.1.0/24
l2_mask: 255.255.255.0
l2_network_gateway: 172.16.1.2

## Physical Port and virtual bridge for L2 bridge

## Default
l2_port: eth1

## First flat connection (AKA flat) << VLAN10

Configure external connectivity using the FLAT network (ESXi Server)

Page 8