Layer 2 over Layer 3 with vSwitch and Mikrotik virtual routers

I’ve trialled a number of different ideas to have a number of different vSwitches that have virtual machines attached, when dealing with a vSphere host that had a single interface. The problem lies in that only one of your vSwitches has a physical interface (uplink) present, which obviously means that traffic can go between the virtual machines on that vSwitch but can’t go northbound to other devices on the network. I decided to give the Mikrotik virtual router a go as its requirements are so tiny it doesn’t have a noticeable footprint on my small infrastructure (the virtual routers require 64MB of RAM).

Using the two software routers it is possible to bridge interfaces on numerous vSwitches and then use EoIP to create another layer 2 bridge northbound over layer 3. In a simple example we will use two simple vSphere hosts (01 / 02). In real life both are Gigabyte Brix hosts that, whilst good for small lab environments, only have a single Gigabit interface. This limits which network-based lab environments you can put together: any vSwitch that doesn’t have a physical interface can’t broadcast traffic anywhere other than inside that vSwitch, and having different configurations on each host means that vMotion will break the host’s network connectivity.

Below is the configuration I currently have:

[Diagram: layer2 over layer3]

 

Although not explicitly shown in the diagram, the interface on vSwitch0 is ether1. This interface is on the same vSwitch that has a physical interface and thus allows outbound traffic from the ESXi host. It will need configuring to enable connectivity to the switch and also to route out to the internet (if required).

 Configuring router01

Configure ether1

Enable the interface and assign a reachable address (192.168.0.2)

/interface enable ether1
/ip address add address=192.168.0.2/24 interface=ether1 comment="External Interface"

Also add a second address on ether1 that will be used as the EoIP endpoint.

/ip address add address=10.0.0.1/24 interface=ether1 comment="EoIP endPoint"

Add a default gateway (192.168.0.1), which is most people’s router.

/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1

Create an Ethernet over IP interface

The EoIP interface is required to encapsulate layer 2 frames into layer 3 packets that can then be routed.

/interface eoip add comment="eoip interface" name="eoip01" remote-address=10.0.0.2 tunnel-id=1

Create a bridge and add interfaces

The bridge is required to allow layer 2 traffic between the interfaces that sit on the different vSwitches.

/interface bridge add comment="Bridge between vmnics" name=esx-bridge protocol-mode=rstp
/interface bridge port add bridge=esx-bridge interface=eoip01
/interface bridge port add bridge=esx-bridge interface=ether2

 

 Configuring router02

Configure ether1

Enable the interface and assign a reachable address (192.168.0.3)

/interface enable ether1
/ip address add address=192.168.0.3/24 interface=ether1 comment="External Interface"

Also add a second address on ether1 that will be used as the EoIP endpoint.

/ip address add address=10.0.0.2/24 interface=ether1 comment="EoIP endPoint"

Add a default gateway (192.168.0.1), which is most people’s router.

/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1

Create an Ethernet over IP interface

The EoIP interface is required to encapsulate layer 2 frames into layer 3 packets that can then be routed.

/interface eoip add comment="eoip interface" name="eoip01" remote-address=10.0.0.1 tunnel-id=1

Create a bridge and add interfaces

The bridge is required to allow layer 2 traffic between the interfaces that sit on the different vSwitches.

/interface bridge add comment="Bridge between vmnics" name=esx-bridge protocol-mode=rstp
/interface bridge port add bridge=esx-bridge interface=eoip01
/interface bridge port add bridge=esx-bridge interface=ether2

 Testing and DHCP on vSwitch1

Connectivity between the two switches can be tested by pinging the alternative EoIP end points from either host.

e.g. router01 pinging 10.0.0.2 and vice-versa
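If the ping fails, the usual cause is that the two routers' settings do not mirror each other. The following is an added example, not part of the original post: a small Python pre-flight check that reads the tunnel-related commands from both routers and reports duplicate addresses, a remote-address that is not configured on the peer, or a tunnel-id with no match. The names `parse` and `check_pair` are hypothetical, and the sample input is constructed from the commands shown above.

```python
import ipaddress
import shlex

# Constructed sample input: the tunnel-related commands from this post.
ROUTER01 = """
/ip address add address=192.168.0.2/24 interface=ether1 comment="External Interface"
/ip address add address=10.0.0.1/24 interface=ether1 comment="EoIP endPoint"
/interface eoip add comment="eoip interface" name="eoip01" remote-address=10.0.0.2 tunnel-id=1
"""
ROUTER02 = """
/ip address add address=192.168.0.3/24 interface=ether1 comment="External Interface"
/ip address add address=10.0.0.2/24 interface=ether1 comment="EoIP endPoint"
/interface eoip add comment="eoip interface" name="eoip01" remote-address=10.0.0.1 tunnel-id=1
"""


def parse(config):
    """Collect local addresses and EoIP tunnels from RouterOS 'add' commands."""
    state = {"addresses": [], "tunnels": []}
    for line in config.strip().splitlines():
        words = shlex.split(line)  # keeps quoted values such as comments whole
        path = " ".join(w for w in words if "=" not in w)
        args = dict(w.split("=", 1) for w in words if "=" in w)
        if path == "/ip address add":
            state["addresses"].append(ipaddress.ip_interface(args["address"]))
        elif path == "/interface eoip add":
            state["tunnels"].append(args)
    return state


def check_pair(cfg_a, cfg_b):
    """Return a list of mismatches that would stop the EoIP tunnel passing traffic."""
    a, b = parse(cfg_a), parse(cfg_b)
    dup = {i.ip for i in a["addresses"]} & {i.ip for i in b["addresses"]}
    problems = [f"duplicate address {ip} on both routers" for ip in sorted(dup)]
    for name, local, peer in (("A", a, b), ("B", b, a)):
        peer_ips = {i.ip for i in peer["addresses"]}
        peer_ids = {t["tunnel-id"] for t in peer["tunnels"]}
        for tun in local["tunnels"]:
            remote = ipaddress.ip_address(tun["remote-address"])
            if remote not in peer_ips:
                problems.append(f"router {name}: remote-address {remote} is not configured on the peer")
            if tun["tunnel-id"] not in peer_ids:
                problems.append(f"router {name}: tunnel-id {tun['tunnel-id']} has no match on the peer")
    return problems


if __name__ == "__main__":
    print(check_pair(ROUTER01, ROUTER02) or "tunnel settings mirror each other")
```

Paste each router's own `/ip address` and `/interface eoip` lines into the two strings to check a real pair.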

The final test is to place DHCP on your vSwitch1 interface and ensure that clients on both sides of the network receive DHCP leases.

Creating the DHCP pool

/ip pool add name=vswitch1_pool ranges=172.16.0.2-172.16.0.254

Creating the DHCP server

/ip dhcp-server add address-pool=vswitch1_pool disabled=no interface=ether2 name=vswitch1_dhcp

Then

 

One thought on “Layer 2 over Layer 3 with vSwitch and Mikrotik virtual routers”

  1. Hey Dan,

    I have the same setup as your diagram and can’t make it work (router 1 can’t ping router 2, nor can one test VM get an IP from DHCP). Can you give me some pointers regarding this matter?

    Thanks!
