Requirement for VMware promiscuous mode for Charon-PDP, Charon-VAX, and Charon-AXP (running Tru64, OpenVMS, and RSX11)

Purpose

Customers sometimes need a justification for why promiscuous mode is required when CHARON is deployed on VMware and other hypervisors. This article explains the requirement and outlines what needs to be done. The requirement only concerns Charon-PDP, Charon-VAX, and Charon-AXP products running on Microsoft Windows.

Description

The legacy DECnet protocol stack is mandatory for both VAX/VMS and AXP/OpenVMS. It links the MAC address of the network adapter to the DECnet address of the VMS node. Even if DECnet is not actively used by a particular VMS instance, it is still initialized and present on the VMS node. Hence, in order to provide VMS networking functionality, CHARON would have to change the MAC address(es) of the physical and virtual network adapters.

Unfortunately, the ability to actually change the MAC address in the Windows environment depends on the particular physical network adapter, firmware, and driver version in use. Additionally, this operation is not always reliable. Sometimes Windows reports success even though the attempt has failed, resulting in a loss of network connectivity.

By default, CHARON works around this problem by enabling promiscuous mode on the affected network interfaces, receiving all network packets and discarding packets not addressed to it. Taking into account the clever behavior of modern network switches (and a sane configuration of the virtual interconnect), CHARON receives only a marginal amount of superfluous traffic.

If the emulator host is running in a hypervisor such as VMware ESXi or Oracle VM, promiscuous mode should be enabled for the vNICs dedicated to Charon.

If enabling promiscuous mode is problematic for some reason, some workarounds exist, though certain restrictions apply:

  • Adding the configuration option 'legacy_mode' to the Charon configuration forces Charon to attempt the MAC address change; this should be extensively tested in each particular case.
  • The target MAC address for each adapter has to be explicitly set on 3 levels: VMware VM level, Hosting OS level, and Charon configuration file level.

Step-by-step guide for VMware ESXi

  • The Charon VM has at least two virtual NICs.
    • One vNIC is used for Host OS networking with its standard protocols.
    • The second vNIC is used for CHARON networking ONLY and must NOT have Host OS protocols enabled on it. Warning: for Charon versions up to and including 4.9, use only E1000 network adapters, not E1000E adapters. Versions 4.10 and above support E1000, E1000E and VMXNETx adapters.
  • Applicable to Windows: the only protocol enabled on this vNIC is a custom NDIS protocol supplied by Stromasys as part of the emulation software. (This NDIS protocol acts as a pass-through for networking traffic to the VMS network stack running in the CHARON application.)
  • The port group to which the CHARON NIC is assigned needs to have Promiscuous mode set to Accept. The Security-tab settings for MAC-Address-Change and Forged-Transmit must also be Accept (usually the default setting).

Tip: To minimize the impact of enabling promiscuous mode, it is recommended to place the CHARON VM (or just the CHARON vNIC, if possible) in its own port group. The setting does not need to be applied to the vSwitch, just the port group. Therefore the "extra" traffic will flow only to that port group and other VMs on the vSwitch will not be affected.

Note: If the VM is set up for vMotion, all other host Distributed vSwitches to which this VM might move must have an identical port group set up (so network context is not lost during vMotion).
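
The port group settings and the isolation recommended above can be applied and then checked from VMware PowerCLI. The script below is an added example, not Stromasys code: the port group name 'Charon-PG' and the VM name 'charon-host' are hypothetical, and it assumes an existing Connect-VIServer session and standard (non-distributed) vSwitches.

```powershell
# Assumptions (not from the article): names below are hypothetical, and a
# PowerCLI session to vCenter or the ESXi host is already open.
$CharonPortGroup = 'Charon-PG'        # dedicated port group for the CHARON vNIC
$CharonVMs       = @('charon-host')   # VM(s) allowed to attach to that port group

# 1. Apply the three Accept settings on the port group only, not on the vSwitch.
Get-VirtualPortGroup -Standard -Name $CharonPortGroup |
    Get-SecurityPolicy |
    Set-SecurityPolicy -AllowPromiscuous $true -MacChanges $true -ForgedTransmits $true |
    Out-Null

$findings = @()

# 2. A vSwitch-level Accept would expose every port group on that vSwitch.
foreach ($vs in Get-VirtualSwitch -Standard) {
    if (($vs | Get-SecurityPolicy).AllowPromiscuous) {
        $findings += "vSwitch '$($vs.Name)' on $($vs.VMHost) accepts promiscuous mode; set it on the port group instead"
    }
}

# 3. Only the Charon port group should accept promiscuous mode, and it needs all three settings.
foreach ($pg in Get-VirtualPortGroup -Standard) {
    $policy = $pg | Get-SecurityPolicy
    if ($pg.Name -eq $CharonPortGroup) {
        if (-not ($policy.AllowPromiscuous -and $policy.MacChanges -and $policy.ForgedTransmits)) {
            $findings += "Port group '$($pg.Name)' is missing one of the three Accept settings"
        }
    } elseif ($policy.AllowPromiscuous) {
        $findings += "Port group '$($pg.Name)' accepts promiscuous mode but is not the Charon port group"
    }
}

# 4. No other VM should have a vNIC on the promiscuous port group.
foreach ($nic in (Get-VM | Get-NetworkAdapter)) {
    if ($nic.NetworkName -eq $CharonPortGroup -and $nic.Parent.Name -notin $CharonVMs) {
        $findings += "VM '$($nic.Parent.Name)' has '$($nic.Name)' attached to '$CharonPortGroup'"
    }
}

if ($findings) { $findings } else { 'Promiscuous mode is confined to the Charon port group.' }
```

For port groups on Distributed vSwitches, PowerCLI provides the separate Get-VDSecurityPolicy and Set-VDSecurityPolicy cmdlets.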



© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.