We have discovered an odd problem with 2 of our more recent ESXi 5 u1 hosts.
We have a small number of guests on a hosts dealing with email. There are 2x Linux guests (Fedora 16) running ver4 hardware with no Vmware tools installed (email guy thinks it’s more hassle than its worth – his call I suppose as he is supporting them!!) with a single “Flexible” network adapter each.
A fault was raised by the email guy that his Linux guests could see all network traffic on the ESXi host. I thought odd, and double checked the settings for the vSwitch. Promisc mode on the vSwitch is set to reject on the port group and vSwitch. I had a Fedora 15 guest (ver 7 hardware) knocking around which I was using on another project, copied that across and fired that up. Loaded up wireshark and nothing, only broadcasts. Turned on promisc on the vswitch and port group and as expected, got everything that was floating through the vSwitch.
This is not an isolated incident, we have a 2nd host at our DR site which is doing the same thing! From what I can gather, the Linux machines are built from the same base VM image that our email guy has, then tweaked depending upon the job. Again, no vmware tools were installed on this guest.
However, what I can’t get my head around is how these Linux email guests are able to see traffic not destined for it in the first place, and my sniffer was unable to replicate the issue! The only thing I can think, and can see that’s different is the hardware of our email guy’s servers are ver 4 hardware…
Any ideas? I am at a complete loss!
