Introduction of VyOS into a home network with VMWare vSphere

harro1968 · October 21, 2018, 10:36am

Hi all,

I wanted to run a scenario past the group for advice.

Current environment depicted at http://boat.mwaa.com.au/current_network.jpg

I currently have a pretty standard home network ( perhaps apart from the VMWare vSphere environment). Standard cable modem, that provides the Wireless and LAN functions for my network. I then have 5 VMWare ESXi Servers on the network managed by a vCenter Appliance. All of my devices - wireless devices, ESXi servers, virtual machines, media players etc, all are on a single network (192.168.239.x).

Due to the functions of various virtual machines, there is a bit of port forwarding that the cable modem does also.

Proposed environment depicted at http://boat.mwaa.com.au/proposed_network.jpg

I have several classes of users that access my home environment, each with differing security and access requirements, and I would like to use the VyOS router ( as a VMWare appliance ) to manage all of this, that is the routing and port forwarding firewall rules etc.

I’m pretty sure I can do some of this just within the vSphere environment but I would like to adopt the VyOS approach as I want to move the firewall processing off the cable modem, and at some stage would like to “migrate” off vSphere onto an open source KVM platform.

I know this isn’t a VMware forum, but I’m looking at the documentation for that and it looks like you can create multiple virtual switches inside of ESXi, have them isolated from each other and have the “upload” port of each virtual switch pointing to a single upstream IP gateway, which I’m assuming can be the internal side of the VyOS appliance.

I’m also assuming you need to have multiple VMWare networks supporting the VyOS appliance because it needs to service the public and private networks.

Another reason for wanting to have these networks spread across the different ESXi server is because of workloads, and as they change over time, I need to be able to move virtual machines from one host to another and still manage the access etc. It would be nice if I could dedicate a particular ESXi host to one user segment, but that’s not practical in my circumstances.

I haven’t shown other components of the network such as the OpenVPN and DNS virtual machines for clarity.

All devices are patched into a single 24 Port unmanaged switch.

Does this look like a reasonable approach to solving my design using VyOS?

kind regards

David

hagbard · October 21, 2018, 6:41pm

I only get 404 when I try to check your images.
You can have multiple vswitches in vmware, personally I would do it via vlans and trunk them on your core switch.

harro1968 · October 21, 2018, 9:23pm

Thanks for your response.

URL’s in my post above fixed.

David

hagbard · October 21, 2018, 10:22pm

Cool thanks.
IN your propose setup, the vyos router doesn’t make any sense. If I interpret that correctly, you have all networks on the esxi instances anyway. Basically your current doesn’t technically differ from the proposed one.
If you replace your cable modem or you have the router after the cable modem stand alone, then you can route traffic to esxi.