{"id":358,"date":"2019-07-27T20:18:58","date_gmt":"2019-07-27T12:18:58","guid":{"rendered":"https:\/\/kylemcdonald.com.au\/?p=358"},"modified":"2019-07-27T20:29:34","modified_gmt":"2019-07-27T12:29:34","slug":"validating-free-ips-on-a-non-routeable-subnet","status":"publish","type":"post","link":"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/","title":{"rendered":"Validating free IP’s on a non-routable subnet"},"content":{"rendered":"

In conjunction with my previous post about IP conflicts<\/a>, I thought I should share a script I created.<\/p>\n

When you are talking about the networking subnet that your VM’s live on, or the management subnet of your hosts, you can generally ping these from any number of tools that you may install on your laptop. What about your vMotion or iSCSI\/NFS subnets that don’t usually allow outside traffic?<\/p>\n

While most VMware administrators have heard of VMKping to test these subnets, it has a number of limitations. It’s really only useful for checking a few IP addresses at a time, and it can only be used from the CLI. Sometimes work policies or permissions don’t let you enable SSH or the DCUI for your hosts.<\/p>\n

What we can do, is use PowerCLI to emulate the behaviour of VMKping by connecting remotely to an ESXi host and running the Get-EsxCli command to ping an address. Now I do need to point out that the Get-EsxCli command has a 10-second timeout, so if you have a subnet with lots of free IP’s, it can take up to 15 minutes to check every IP in the subnet. At least you don’t have to do it manually!<\/p>\n

The following script lets you define the ESXi host to use for the work, plus the start and stop addresses of the subnet to check. You can find it on GitLab<\/a>.<\/p>\n

<#\r\n.SYNOPSIS\r\n    PowerCLI script to get an ESXi host to ping a subnet range.\r\n\r\n.DESCRIPTION\r\n    Quite often, VMware hosts have VMKernel interfaces that are in non-routable subnets for things like vMotion and iSCSI\/NFS traffic.\r\n    This means that to check for free IP's in those subnets, you have to either run discovery via SSH'ing to a switch or ESXi host or use scanning tools\r\n    on a VM with a vNIC on those subnets.\r\n\r\n    While slower than those options, this script is easier to use and doesn't require special permissions. Please note that this current release is \r\n    limited to the 10s timeout of Get-EsxCli, so a full ping of 254 IP's could take up to 15 minutes.\r\n\r\n.NOTES\r\n    Version: 1.0.0\r\n    Author: Kyle McDonald\r\n    Based on https:\/\/communities.vmware.com\/thread\/557360\r\n    Twitter: @KarmicIT\r\n    Github: https:\/\/gitlab.com\/KarmicIT\/public\r\n    Change Log\r\n        v1.0.0, 20190724 - KJM\r\n        + Initial version\r\n\r\n.LINK\r\n    https:\/\/gitlab.com\/KarmicIT\/public\/blob\/master\/Get-VMKping.ps1\r\n\r\n.PARAMETER PingSrcHost\r\n    ESXi host to use for the testing.\r\n\r\n.PARAMETER SubnetToPing\r\n    First three octets of the subnet to check.\r\n    i.e. to test 10.20.30.0\/24 enter 10.20.30\r\n\r\n.PARAMETER SubnetStartIP\r\n    Last octet of the subnet to start at. If this is excluded, it will start at .1\r\n\r\n.PARAMETER SubnetEndIP\r\n    Last octet of the subnet to finish at. If this is excluded, it will finish at .254\r\n\r\n.EXAMPLE\r\n    .\\Get-VMKping.ps1 -PingSrcHost esxi-01.domain.local -SubnetToPing 10.10.10 -SubnetStartIP 1 -SubnetEndIP 3\r\n\r\n    IPs to check: 3\r\n    HostAddr      %PacketLoss     Packets Sent    Packets Received\r\n    10.10.10.1    0               1               1\r\n    10.10.10.2    100             1               0\r\n    10.10.10.3    0               1               1\r\n\r\n    Done.\r\n    IPs used: 2\r\n    IPs free: 1\r\n\r\n#>\r\n\r\n#region CLI Parameters\r\nparam (\r\n    [Parameter(Mandatory = $False)][string]$PingSrcHost,\r\n    [Parameter(Mandatory = $False)][string]$SubnetToPing,\r\n    [Parameter(Mandatory = $False)][int]$SubnetStartIP,\r\n    [Parameter(Mandatory = $False)][int]$SubnetEndIP\r\n)\r\n#endregion\r\n\r\n#region Variables and Functions\r\nif (!$PingSrcHost) { $PingSrcHost = \"esxi-01.domain.local\" }\r\nif (!$SubnetToPing) { $SubnetToPing = \"10.10.10\" } # first 3 octects only\r\nif (!$SubnetStartIP) { $SubnetStartIP = \"1\" }\r\nif (!$SubnetEndIP) { $SubnetEndIP = \"254\" }\r\n$IPtoCheck = ($SubnetEndIP - $SubnetStartIP + 1)\r\n$esxcliHost = Get-EsxCli -VMHost $PingSrcHost -V2\r\n$arguments = $esxcliHost.network.diag.ping.CreateArgs()\r\n$arguments.count = 1\r\n$count = 0\r\n$IPUsed = 0\r\n$IPFree = 0\r\n#endregion\r\n\r\nWrite-Host \"`nIPs to check: $IPtoCheck\"\r\nWrite-Host \"HostAddr `t %PacketLoss `t Packets Sent `t Packets Received\"\r\n\r\n$SubnetStartIP..$SubnetEndIP | ForEach-Object {\r\n    $count++\r\n    $arguments.host = \"$SubnetToPing.$_\"\r\n    Write-Progress -Activity \"Checking IPs\" -CurrentOperation \"[IP $count of $IPtoCheck] $($arguments.host) Used: $IPUsed Free: $IPFree\" -PercentComplete (($count \/ $IPtoCheck) * 100)\r\n    $oReturn = $esxcliHost.network.diag.ping.Invoke($arguments)\r\n    if ( $($oReturn.Summary.PacketLost ) -eq \"0\") { $IPUsed++ } else { $IPFree++ }\r\n    Write-Host \"$($oReturn.Summary.HostAddr) `t $($oReturn.Summary.PacketLost) `t`t $($oReturn.Summary.Transmitted) `t`t $($oReturn.Summary.Recieved)\"\r\n}\r\n\r\nWrite-Host \"`nDone. `nIPs used: $IPUsed `nIPs free: $IPFree\"\r\n<\/pre>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
In conjunction with my previous post about IP conflicts, I thought I should share a script I created. When you are talking about the networking subnet that your VM’s live on, or the management subnet of your hosts, you can Continue reading   Validating free IP’s on a non-routable subnet<\/span>→<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"\nValidating free IP's on a non-routable subnet - Kyle McDonald<\/title>\n<meta name=\"description\" content=\"use PowerCLI to emulate the behaviour of VMKping by connecting remotely to an ESXi host and running the Get-EsxCli command to ping an address\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Validating free IP's on a non-routable subnet - Kyle McDonald\" \/>\n<meta property=\"og:description\" content=\"use PowerCLI to emulate the behaviour of VMKping by connecting remotely to an ESXi host and running the Get-EsxCli command to ping an address\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/\" \/>\n<meta property=\"og:site_name\" content=\"Kyle McDonald\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-27T12:18:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-27T12:29:34+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:creator\" content=\"@KarmicIT\" \/>\n<meta name=\"twitter:site\" content=\"@KarmicIT\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kylemcdonald.com.au\/#website\",\"url\":\"https:\/\/kylemcdonald.com.au\/\",\"name\":\"Kyle McDonald\",\"description\":\"Perth-based IT enthusiast\",\"publisher\":{\"@id\":\"https:\/\/kylemcdonald.com.au\/#\/schema\/person\/f3fe27d0e0f57ef43e2444fbe8989906\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/kylemcdonald.com.au\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/#webpage\",\"url\":\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/\",\"name\":\"Validating free IP's on a non-routable subnet - Kyle McDonald\",\"isPartOf\":{\"@id\":\"https:\/\/kylemcdonald.com.au\/#website\"},\"datePublished\":\"2019-07-27T12:18:58+00:00\",\"dateModified\":\"2019-07-27T12:29:34+00:00\",\"description\":\"use PowerCLI to emulate the behaviour of VMKping by connecting remotely to an ESXi host and running the Get-EsxCli command to ping an address\",\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/\"]}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/#webpage\"},\"author\":{\"@id\":\"https:\/\/kylemcdonald.com.au\/#\/schema\/person\/f3fe27d0e0f57ef43e2444fbe8989906\"},\"headline\":\"Validating free IP’s on a non-routable subnet\",\"datePublished\":\"2019-07-27T12:18:58+00:00\",\"dateModified\":\"2019-07-27T12:29:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/#webpage\"},\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kylemcdonald.com.au\/#\/schema\/person\/f3fe27d0e0f57ef43e2444fbe8989906\"},\"articleSection\":\"General\",\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kylemcdonald.com.au\/2019\/07\/27\/validating-free-ips-on-a-non-routeable-subnet\/#respond\"]}]},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/kylemcdonald.com.au\/#\/schema\/person\/f3fe27d0e0f57ef43e2444fbe8989906\",\"name\":\"Kyle McDonald\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/kylemcdonald.com.au\/#personlogo\",\"inLanguage\":\"en-AU\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/74b24af47c7a561be463563db3fa821c?s=96&d=mm&r=g\",\"caption\":\"Kyle McDonald\"},\"logo\":{\"@id\":\"https:\/\/kylemcdonald.com.au\/#personlogo\"},\"sameAs\":[\"http:\/\/au.linkedin.com\/in\/karmicit\",\"https:\/\/twitter.com\/KarmicIT\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/posts\/358"}],"collection":[{"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/comments?post=358"}],"version-history":[{"count":9,"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/posts\/358\/revisions"}],"predecessor-version":[{"id":370,"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/posts\/358\/revisions\/370"}],"wp:attachment":[{"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/media?parent=358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/categories?post=358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kylemcdonald.com.au\/wp-json\/wp\/v2\/tags?post=358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}