thevirtualdude
asked on
Guest VM network connection lost at random
Our setup
We have two ESXi 4.1 (348481) servers, each connected to the LAN via three vSwitches:
- one vSwitch with a Service Console port group and 2 physical NICs
- one vSwitch with a VMotion port group and 2 physical NICs
- one vSwitch with a iSCSI port group and 2 physical NICs
- one vSwitch with several VMNetwork port groups, one for each VLAN (DMZ=VLAN 3, SERVERS=VLAN 10 and PG_APPS=VLAN 0 (default), with 2 physical NICs in an active/active configuration and Trk11 and Trk12
All physical NICs connect to a HP Procurve 5406zl switch on which all the linked ports have the VLANs in use set in tagged mode. i.e.:
DEFAULT_VLAN=1 Trk11 and Trk12 are untagged
VLAN_3 Trk11 and Trk12 are tagged
VLAN_10 Trk11 and Trk12 are tagged
The vSwitches are set up as follows:
- Promiscuous Mode: Reject
- MAC Address Changes: Accept
- Forged Transmits: Accept
- Traffic shaping: disabled
- Load Balancing: Route based on IP Hash
- Network Failover Detection: Link status only
- Notify switches: Yes
- Failback: Yes
Our problem
Since very recently VM's on the VLAN 10 network randomly lose network connections. Windows does not show the link as disconnected, but still cannot get traffic in or out to other systems, except to guests that are on the same ESX server (which soft of makes sense as this traffic never actually touches the physical adapter). The really weird bits are:
- A single VM on one ESX may suddenly have this problem at any time, while the other VM's on the same ESX still work fine
- A single VM may have this problem on one NIC but not on both, or sometimes on both cards at the same time
- Neither Windows or VMware report any issues/events/etc.
- Restarting the disabling and enabling the NIC in within the VM reconnects it to the network.
Does anyone have experience with issues like these? Is this a known issue (I could not find any info on this while search through the discussions here)?
Any help would be greatly appreciated!
We have two ESXi 4.1 (348481) servers, each connected to the LAN via three vSwitches:
- one vSwitch with a Service Console port group and 2 physical NICs
- one vSwitch with a VMotion port group and 2 physical NICs
- one vSwitch with a iSCSI port group and 2 physical NICs
- one vSwitch with several VMNetwork port groups, one for each VLAN (DMZ=VLAN 3, SERVERS=VLAN 10 and PG_APPS=VLAN 0 (default), with 2 physical NICs in an active/active configuration and Trk11 and Trk12
All physical NICs connect to a HP Procurve 5406zl switch on which all the linked ports have the VLANs in use set in tagged mode. i.e.:
DEFAULT_VLAN=1 Trk11 and Trk12 are untagged
VLAN_3 Trk11 and Trk12 are tagged
VLAN_10 Trk11 and Trk12 are tagged
The vSwitches are set up as follows:
- Promiscuous Mode: Reject
- MAC Address Changes: Accept
- Forged Transmits: Accept
- Traffic shaping: disabled
- Load Balancing: Route based on IP Hash
- Network Failover Detection: Link status only
- Notify switches: Yes
- Failback: Yes
Our problem
Since very recently VM's on the VLAN 10 network randomly lose network connections. Windows does not show the link as disconnected, but still cannot get traffic in or out to other systems, except to guests that are on the same ESX server (which soft of makes sense as this traffic never actually touches the physical adapter). The really weird bits are:
- A single VM on one ESX may suddenly have this problem at any time, while the other VM's on the same ESX still work fine
- A single VM may have this problem on one NIC but not on both, or sometimes on both cards at the same time
- Neither Windows or VMware report any issues/events/etc.
- Restarting the disabling and enabling the NIC in within the VM reconnects it to the network.
Does anyone have experience with issues like these? Is this a known issue (I could not find any info on this while search through the discussions here)?
Any help would be greatly appreciated!
ASKER
Yes, correct Trk, not LACP
is spanning tree protocol enabled?
ASKER
Yes it is.
One thing you might do is check the physical switch(es) when this happens and see if the arp tables contain the MAC address for the affected VM. if that happens, you might try changing your load balancing back to originating port and see if the behavior stops.
ASKER
@danm66 - I just checked and Spanning Tree is disabled on that switch. Think that might be it?
ASKER
Do you know if there is a way to just enable STP on just the ports that the ESX servers are connected to and not the entire switch? If so, thoughts on the command-line?
I have a separate VLAN on the same switch dedicated to iSCSI traffic and think STP may not be good for iscsi.
Thank you so far for the assistance!
I have a separate VLAN on the same switch dedicated to iSCSI traffic and think STP may not be good for iscsi.
Thank you so far for the assistance!
Yes, you should be able to enable it by switchport. Here's a configuration example for Cisco from http://kb.vmware.com/kb/1004074
interface GigabitEthernet1/2
switchport (Set to layer 2 switching)
switchport trunk encapsulation dot1q (ESX only supports dot1q, not ISL)
switchport trunk allowed vlan 10-100 (Allowed VLAN to ESX . Ensure ESX VLANs are allowed)
switchport mode trunk (Set to Trunk Mode)
switchport nonegotiate (DTP is not supported)
no ip address
no cdp enable (ESX 3.5 supports CDP)
spanning-tree portfast trunk (Enables portfast feature- port forwarding)
interface GigabitEthernet1/2
switchport (Set to layer 2 switching)
switchport trunk encapsulation dot1q (ESX only supports dot1q, not ISL)
switchport trunk allowed vlan 10-100 (Allowed VLAN to ESX . Ensure ESX VLANs are allowed)
switchport mode trunk (Set to Trunk Mode)
switchport nonegotiate (DTP is not supported)
no ip address
no cdp enable (ESX 3.5 supports CDP)
spanning-tree portfast trunk (Enables portfast feature- port forwarding)
ASKER
A reference to another KB within the one you mention above: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003804
...mentions that another way to resolved that issue would be to disable STP, which in my case is true. Mine is disabled and I still experience the issue.
I am a little nervous about enabling STP on the switch only because I have an iSCSI vlan on the same switch. I need to confirm that I can enable STP per port on an HP procurve switch.
...mentions that another way to resolved that issue would be to disable STP, which in my case is true. Mine is disabled and I still experience the issue.
I am a little nervous about enabling STP on the switch only because I have an iSCSI vlan on the same switch. I need to confirm that I can enable STP per port on an HP procurve switch.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
Just a quick one, is your trunk configured as a trunk and not "LACP"?
Cheers,