Learn how this leading hypervisor works on Packet bare metal.
Packet supports ESXi 6.5 as installable operating systems for most of its x86 bare metal server configurations. With VMware ESXi, you can easily partition your server into virtual machines.
️ Note: this option is not available on our c1.large.arm ARMv8 server.
By default our ESXi image injects a root password (which can be used for the ESXi Web Interface and the SOS Console login prompt), in addition to any SSH keys you may have opted for during the configuring your server. Our portal will display the root password for the first 24 hours. After which, the root password will no longer be visible for security reasons, so please make a note of it or change it to one you know. Your SSH key will work for the lifespan of the system, but be aware that ESXi does not support cloud-init so adding an SSH key via the portal or API will not add it to the host for the root account. This will need to be done manually.
ESXi SSD Performance Bug
If you have noticed degraded performance on your ESXi deployment, there is a known bug you can read more here. However, as of 6.5 Update 1 this issue is resolved. All new installs of ESXi 6.5 have this update applied.
The following string will correct the performance issue by allowing ESXi to revert to legacy ahci.
>> esxcli system module set --enabled=false --module=vmw_ahci
ESXi Root Lockout
In ESXi 6.0+ a security feature was implemented lockout the root user for safety. After a number of failed login attempts, the server will trigger a lockout. This is a good safety measure for when you have public facing servers and is even important for internally exposed servers on your corporate network. We can’t always assume that it’s external bad actors who are the only ones attempting to breach your devices.
During provisioning our platform injects SSH Keys to the device and disables password based logins over SSH. This prevents lockouts caused by bad actors attempting to brute force SSH login attempts under normal situations. You can use those keys to reset the root lockout by running command:
[root@esxi6:~] pam_tally2 --user root --reset
The output would include how many attempts, the last attempt (date) & IP:
Login Failures Latest failure From root 132 11/29/17 220.127.116.11 [root@esxi6:~]
Once the reset has been completed, it's suggested to utilize ESXi firewall to limit access to default SSH port 22 to only those authorized and/or alternate the default port to something specific for your use case.
Packet does not offer licensing for ESXi at this time. By default, the OS comes with a 60-day evaluation license. If you would like to utilize it beyond the 60-days you will need to acquire a license from VMware and activate it on your Packet machine(s) directly.
Every new ESXi server comes with a default /29 Public IP block where you have 4 usable IPs for your VMs. From these 8 IPs:
1st - network
2nd - gateway
3rd - management
4th - available
5th - available
6th - available
7th - available
8th - broadcast
If you need more IPs, we also offer the ability to provision with a custom /28 Public IP block. With this bigger block, you will have 12 usable IPs. From the portal, when provisioning a new server, after selecting ESXi as the OS, you will see an additional option under Manage
Note! These additional IPs will get charged at the regular public IPv4 rates of $0.005/hr per IP
Networking Between Hosts Using Layer 2
The particular use case outlined here suggests that you have 2 ESXi hosts in a cluster in the same datacenter. Using our Layer 2 feature is a great way to connect virtual machines in ESXi together via a private network.
️ Note: L2 is readily available in our AMS1, EWR1, NRT1, and SJC1 locations.
vSwitch0 & Private Network Connectivity
In the default setup, you should have two vmkernel interfaces configured with vSwitch0, one with your management IP address assigned during provisioning and one with the private network address also assigned during provisioning. By default only one of the Physical NICs is connected to vSwitch0. This is due to the packet network using LACP for network link bonding, and that not being an option in the free version of ESXi.
Example Network Outputs:
[root@centos1 ~]# ip a | grep ens 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 inet 18.104.22.168/29 brd 22.214.171.124 scope global ens192 3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 inet 192.168.0.11/24 brd 192.168.0.255 scope global ens224 [root@centos2 ~]# ip a | grep ens 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 inet 126.96.36.199/29 brd 188.8.131.52 scope global ens192 3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 inet 192.168.0.12/24 brd 192.168.0.255 scope global ens224 [root@centos1 ~]# ping -c2 192.168.0.12 PING 192.168.0.12 (192.168.0.12) 56(84) bytes of data. 64 bytes from 192.168.0.12: icmp_seq=1 ttl=64 time=0.402 ms 64 bytes from 192.168.0.12: icmp_seq=2 ttl=64 time=0.270 ms --- 192.168.0.12 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.270/0.336/0.402/0.066 ms [root@centos2 ~]# ping -c2 192.168.0.11 PING 192.168.0.11 (192.168.0.11) 56(84) bytes of data. 64 bytes from 192.168.0.11: icmp_seq=1 ttl=64 time=0.382 ms 64 bytes from 192.168.0.11: icmp_seq=2 ttl=64 time=0.233 ms --- 192.168.0.11 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.233/0.307/0.382/0.076 ms