Solved

Vmware host routing

Posted on 2014-07-25
25
277 Views
Last Modified: 2014-08-08
Hello EE,

I have guests on one host ( HOST1 - 192.168.40.101) that cannot ping guests on the other host ( HOST2 -192.168.40. 102.) However, HOST2  guests can ping HOST1 guests, so appears to be a routing issue . Please advise
0
Comment
Question by:davesnb
  • 12
  • 10
  • 2
  • +1
25 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 40219817
Is there a firewall anywhere? Are the guests on the same subnet? Do the guests have the same default gateway configured? Have you checked that the physical switches have correctly configured ports/vlans? Do you vSwitches have the correct vlan tags (or lack thereof)? Do some of the guests have software firewalls enabled but others not?
0
 

Author Comment

by:davesnb
ID: 40219853
Is there a firewall anywhere?
-There is no firewall

Are the guests on the same subnet?
-The guests are on the same subnet

 Do the guests have the same default gateway configured?
-The guests from both hosts use the same default gateway (192.168.40.1)

 Have you checked that the physical switches have correctly configured ports/vlans?
-Yes, physical boxes are ok patched into the same phisical switch

Do your vSwitches have the correct vlan tags (or lack thereof)?
**Please explain

Do some of the guests have software firewalls enabled but others not?
-All windows OS, the firewall service is disabled on all.
0
 
LVL 118
ID: 40219911
You have checked firewalls are OFF on the VMs ?

there is some weird connectivity issue occurring here....

192.168.40.101
192.168.40. 102

both of the above IP Addresses are on the same subnet, there is no routing required to reach them,

What are the VM IP Addresses ?

192.168.40.xxx ?

VMware ESXI does not provide any routing....

please upload screenshots of your networking.....
0
 
LVL 13

Expert Comment

by:Michael Machie
ID: 40219930
""Do your vSwitches have the correct vlan tags (or lack thereof)?
**Please explain""

I believe he is asking if the switch ports the computer is plugged in to is configured to allow that network scheme to speak to other devices in that scheme. Switch ports can be configured independently from each other on business class routers/switches. Using different vLANs (different IP schemes on the same network controlled by the switch) usually requires some configuration to have devices speak to each other across the vLANs and switch ports.

The machine that can ping properly may be set on a switch port that can speak to that scheme, whereas the same may not be true for the machine that cannot ping out properly.
0
 

Author Comment

by:davesnb
ID: 40219972
is there an independent setting on the vm guest instance ( or host instance) that deals with a "firewall"?
0
 
LVL 13

Expert Comment

by:Michael Machie
ID: 40220032
Just the embedded firewall application within the VM's operating system if it has one.
VMWare itself does not have an embedded firewall.
0
 
LVL 118
ID: 40220233
VMs can have a firewall, what is the OS ?
0
 

Author Comment

by:davesnb
ID: 40220238
The OS is 2012 and 2003 MS server . Where is the firewall setting on the vm guest instance ?
0
 
LVL 118
ID: 40220246
On the Network Interface.
0
 

Author Comment

by:davesnb
ID: 40220268
Can you be more specific please, this is 5.5 vmware client , connected to vcenter server .. Where do I browse to this firewall setting
0
 
LVL 118
ID: 40220494
The firewall settings are specific to the virtual machine OS, not vCenter Server, not vSphere Web Client.

Connect to the VM, via Console, RDP, and open Control Panel, and check Firewall is OFF.
0
 

Author Comment

by:davesnb
ID: 40220502
Right. As mentioned , the firewall service is disabled on all os
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 118
ID: 40220521
okay, can you upload screenshots of your hosts ESXi networking.
0
 

Author Comment

by:davesnb
ID: 40224313
Update;

I have a windows 2012 server "MQ1 - ip 192.168.40.194" on vm host 102 , and a windows 2012 server "MQ2 - ip 192.68.40.194" on vm host 101 . These MQ's are clustered using nlb with cluster ip 191 and 192, on tcp 1414 .

- Guests on 101 can ping all servers on 102 except "MQ1 - 192.168.40.194" . However, MQ2 can ping MQ1
- guests on 102 can ping all servers on 101 except "MQ2 -192.168.40.195". However, MQ1 can ping MQ2

All guest vm s on host 101 can ping the the cluster ip (40.192) each way , however there is no routing to the MQ1 (active) 1414 port which is clustered .

All physical servers on the same subnet ( 40.x) can ping MQ1 and telnet ok to port 1414.  All guest vms on the same host as MQ1 can ping and telnet ok to MQ1

Any ideas , much appreciated.
0
 
LVL 118
ID: 40224342
okay, can you upload screenshots of your hosts ESXi networking. (repeated!)
0
 

Author Comment

by:davesnb
ID: 40224568
here is the 102 host networking config, the 101 would be similar ..
vmware102.jpg
vmware102-1.jpg
vmware102-2.jpg
vmware102-3.jpg
vmware102-4.jpg
vmware102-5.jpg
0
 
LVL 118
ID: 40224575
please upload 101 so I can compare, at present I cannot compare anything....
0
 

Author Comment

by:davesnb
ID: 40224602
0
 

Author Comment

by:davesnb
ID: 40226685
Any ideas on this ? When the nlb cluster is spread across 2 hosts , guests on 101 ( same subnet) cannot connect to the active MQ1 listener tcp 1414 on 102 . However, the physical servers on the same subnet have no issues.
0
 
LVL 118
ID: 40226722
NLB is a different issue entirely.

This is the first time you've mentioned NLB?

is this Windows NLB ?
0
 

Author Comment

by:davesnb
ID: 40226737
Yes , this is windows nlb
0
 
LVL 118
ID: 40226795
and are all the issues with this?
0
 

Author Comment

by:davesnb
ID: 40226902
Yes , just with this connection.
0
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 40226924
Okay, Microsoft NLB cause many issues with VMware vSphere

1. Check you are using Multicast as recommended by VMware.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580

2. You must ensure that you have defined STATIC ARP entries on ALL your physical switches in your network, which you expect to see multicast traffic or NLB trafifc on or to.

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1006558
0
 

Author Closing Comment

by:davesnb
ID: 40248948
Many thanks, the multicast mode needed to be enabled .
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now