Sometimes networks are so firewalled off that you need management appliances with 2 network interfaces to manage the devices inside the quarantined network. This is sometimes true for network device management, where there’s no way to connect to the switch, router, firewall, or load balancer over the regular network and a jump host is always needed. If you want to monitor them, the monitoring appliances would have 1 interface in the quarantined network and 1 interface in a network where it can be accessed by admins. While it’s a different discussion about whether that’s safe or not (compromise the monitoring appliance, compromise the quarantined network), it’s a standard in certain environments.
That brings me to this post. The vRealize Network Insight collector appliances do not support having 2 network interfaces, but it is possible. What follows is not supported by VMware, and you’ll also have to reconfigure this every time you upgrade or reconfigure the network via the consoleuser CLI.
Add Second Network Interface
In vCenter, add a second network interface to the collector appliance and take note of its newly generated MAC address:
This collector is primarily connected via VMnet-VLAN20, which has a default route that connects to the vRNI platform appliance. The network called Isolated is the network where the quarantined network devices are. Again, copy the MAC address here – you’ll need it.
Network Interface Configuration
Next up is configuring it in the collector appliance. vRNI uses Ubuntu as its operating system and we’ll be using the system network configuration to configure the new network interface. Ubuntu will recognize new network interfaces on the fly; you don’t have to reboot. Now, log into the collector appliance using the support user and check how the new interface is named using the command ip -c link
:
As you can see, the MAC address of eth1 matches the one we got from vCenter. Luckily, it’s pretty predictable that the new interface will be named eth1, but it’s always good to double-check.
/etc/network/interfaces
Ubuntu stores its network configuration in /etc/network/interfaces, which can be modified using the command: sudo vi /etc/network/interfaces
. Here’s an example of how the configuration should look, including the new network interface eth1:
The last line isn’t necessary per se, it’s an extra tidbit in this environment. The quarantined network consists of a couple of VLANs that are routed and 192.168.1.1 is the router there. While the IP range where the collector resides is 192.168.1.0/24, the IP subnet 192.168.2.0/24 also hosts some network devices. Those need to be monitored by vRNI as well, hence the route. :-). If you just have a single subnet, you can leave that part out.
Activate Configuration
You could just issue the command sudo service networking restart
– but I always like to make sure the change persists throughout reboots. Run sudo reboot
to restart the collector and when it’s back, run ifconfig
to see if your change is there:
Conclusion
Although unsupported, it is possible to add multiple network interfaces to the vRealize Network Insight collectors, so that they can monitor devices in quarantined/isolated networks.
The reason why it’s unsupported is straightforward. Whenever the vRNI consoleuser CLI or upgrade process reconfigures the network, it overwrites the /etc/network/interfaces file with only the configuration for eth0. If you create a backup of that file and remember to restore it when needed, you’ll be fine.
Leave a Reply