Solved

VMware host routing

Posted on 2014-07-25
Last Modified: 2014-08-08
Hello EE,

I have guests on one host (HOST1 - 192.168.40.101) that cannot ping guests on the other host (HOST2 - 192.168.40.102). However, HOST2 guests can ping HOST1 guests, so it appears to be a routing issue. Please advise.
0
Question by:davesnb
25 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 40219817
Is there a firewall anywhere? Are the guests on the same subnet? Do the guests have the same default gateway configured? Have you checked that the physical switches have correctly configured ports/vlans? Do your vSwitches have the correct vlan tags (or lack thereof)? Do some of the guests have software firewalls enabled but others not?
0
 

Author Comment

by:davesnb
ID: 40219853
Is there a firewall anywhere?
-There is no firewall

Are the guests on the same subnet?
-The guests are on the same subnet

 Do the guests have the same default gateway configured?
-The guests from both hosts use the same default gateway (192.168.40.1)

 Have you checked that the physical switches have correctly configured ports/vlans?
-Yes, physical boxes are ok patched into the same physical switch

Do your vSwitches have the correct vlan tags (or lack thereof)?
**Please explain

Do some of the guests have software firewalls enabled but others not?
-All Windows OS, the firewall service is disabled on all.
0
 
LVL 117
ID: 40219911
You have checked firewalls are OFF on the VMs?

there is some weird connectivity issue occurring here....

192.168.40.101
192.168.40.102

both of the above IP Addresses are on the same subnet, there is no routing required to reach them,

What are the VM IP Addresses?

192.168.40.xxx ?

VMware ESXi does not provide any routing....

please upload screenshots of your networking.....
0
 
LVL 13

Expert Comment

by:Michael Machie
ID: 40219930
"Do your vSwitches have the correct vlan tags (or lack thereof)?
**Please explain"

I believe he is asking if the switch port the computer is plugged into is configured to allow that network scheme to speak to other devices in that scheme. Switch ports can be configured independently from each other on business class routers/switches. Using different vLANs (different IP schemes on the same network controlled by the switch) usually requires some configuration to have devices speak to each other across the vLANs and switch ports.

The machine that can ping properly may be set on a switch port that can speak to that scheme, whereas the same may not be true for the machine that cannot ping out properly.
0
 

Author Comment

by:davesnb
ID: 40219972
Is there an independent setting on the VM guest instance (or host instance) that deals with a "firewall"?
0
 
LVL 13

Expert Comment

by:Michael Machie
ID: 40220032
Just the embedded firewall application within the VM's operating system if it has one.
VMware itself does not have an embedded firewall.
0
 
LVL 117
ID: 40220233
VMs can have a firewall, what is the OS?
0
 

Author Comment

by:davesnb
ID: 40220238
The OS is 2012 and 2003 MS server. Where is the firewall setting on the VM guest instance?
0
 
LVL 117
ID: 40220246
On the Network Interface.
0
 

Author Comment

by:davesnb
ID: 40220268
Can you be more specific please, this is 5.5 VMware client, connected to vCenter server. Where do I browse to this firewall setting?
0
 
LVL 117
ID: 40220494
The firewall settings are specific to the virtual machine OS, not vCenter Server, not vSphere Web Client.

Connect to the VM, via Console, RDP, and open Control Panel, and check Firewall is OFF.
0
 

Author Comment

by:davesnb
ID: 40220502
Right. As mentioned, the firewall service is disabled on all OS.
0
 
LVL 117
ID: 40220521
Okay, can you upload screenshots of your hosts' ESXi networking?
0
 

Author Comment

by:davesnb
ID: 40224313
Update;

I have a Windows 2012 server "MQ1 - ip 192.168.40.194" on VM host 102, and a Windows 2012 server "MQ2 - ip 192.68.40.194" on VM host 101. These MQs are clustered using NLB with cluster ip 191 and 192, on tcp 1414.

- Guests on 101 can ping all servers on 102 except "MQ1 - 192.168.40.194". However, MQ2 can ping MQ1.
- Guests on 102 can ping all servers on 101 except "MQ2 - 192.168.40.195". However, MQ1 can ping MQ2.

All guest VMs on host 101 can ping the cluster ip (40.192) each way, however there is no routing to the MQ1 (active) 1414 port which is clustered.

All physical servers on the same subnet (40.x) can ping MQ1 and telnet OK to port 1414. All guest VMs on the same host as MQ1 can ping and telnet OK to MQ1.

Any ideas, much appreciated.
0
 
LVL 117
ID: 40224342
Okay, can you upload screenshots of your hosts' ESXi networking? (repeated!)
0
 

Author Comment

by:davesnb
ID: 40224568
Here is the 102 host networking config, the 101 would be similar.
vmware102.jpg
vmware102-1.jpg
vmware102-2.jpg
vmware102-3.jpg
vmware102-4.jpg
vmware102-5.jpg
0
 
LVL 117
ID: 40224575
Please upload 101 so I can compare, at present I cannot compare anything....
0
 

Author Comment

by:davesnb
ID: 40224602
0
 

Author Comment

by:davesnb
ID: 40226685
Any ideas on this? When the NLB cluster is spread across 2 hosts, guests on 101 (same subnet) cannot connect to the active MQ1 listener tcp 1414 on 102. However, the physical servers on the same subnet have no issues.
0
 
LVL 117
ID: 40226722
NLB is a different issue entirely.

This is the first time you've mentioned NLB?

Is this Windows NLB?
0
 

Author Comment

by:davesnb
ID: 40226737
Yes, this is Windows NLB.
0
 
LVL 117
ID: 40226795
And are all the issues with this?
0
 

Author Comment

by:davesnb
ID: 40226902
Yes, just with this connection.
0
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 40226924
Okay, Microsoft NLB causes many issues with VMware vSphere.

1. Check you are using Multicast as recommended by VMware.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580

2. You must ensure that you have defined STATIC ARP entries on ALL your physical switches in your network, which you expect to see multicast traffic or NLB traffic on or to.

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1006558
0
 

Author Closing Comment

by:davesnb
ID: 40248948
Many thanks, the multicast mode needed to be enabled.
0
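An added example, not part of the thread or of the linked VMware KB articles: a way to check the two points of the accepted solution from a client's ARP cache, by deriving the MAC a static ARP entry for the cluster IP should point to and classifying the MAC actually seen. It assumes Microsoft NLB's documented MAC convention (02-BF plus the IP octets for unicast, 03-BF for multicast, 01-00-5E-7F plus the last two octets for IGMP multicast), which the thread does not state. The cluster IP is the thread's "40.192" on the 192.168.40.x subnet, and the ARP table is constructed.

```python
import ipaddress
import re

# NLB builds the cluster MAC from the cluster IP; only the prefix depends on the mode.
PREFIXES = {"unicast": "02bf", "multicast": "03bf", "igmp": "01005e7f"}

def nlb_cluster_mac(cluster_ip, mode):
    """Expected cluster MAC (aa-bb-... form) for an NLB cluster IP and mode."""
    octets = ipaddress.IPv4Address(cluster_ip).packed
    if mode not in PREFIXES:
        raise ValueError(f"unknown NLB mode: {mode}")
    # IGMP multicast keeps only the last two IP octets; the other modes keep all four.
    tail = octets[2:] if mode == "igmp" else octets
    raw = PREFIXES[mode] + tail.hex()
    return "-".join(raw[i:i + 2] for i in range(0, 12, 2))

def nlb_mode_of(mac):
    """Classify an observed MAC as unicast/multicast/igmp NLB, or 'not-nlb'."""
    raw = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(raw) != 12:
        raise ValueError(f"not a MAC address: {mac}")
    for mode, prefix in PREFIXES.items():
        if raw.startswith(prefix):
            return mode
    return "not-nlb"

def check_arp(arp_output, cluster_ip):
    """Find cluster_ip in `arp -a` style text; return (mac, mode, static) or None."""
    for line in arp_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == cluster_ip:
            return fields[1].lower(), nlb_mode_of(fields[1]), fields[2] == "static"
    return None

# Constructed sample: ARP cache of a client on the 192.168.40.x subnet.
SAMPLE_ARP = """\
  Internet Address      Physical Address      Type
  192.168.40.1          00-11-22-33-44-55     dynamic
  192.168.40.192        02-bf-c0-a8-28-c0     dynamic
"""

if __name__ == "__main__":
    ip = "192.168.40.192"  # cluster IP as written in the thread ("40.192")
    print("static ARP target (multicast):", nlb_cluster_mac(ip, "multicast"))
    print("observed:", check_arp(SAMPLE_ARP, ip))
```

In the constructed sample the cluster IP resolves to a 02-BF address, which indicates unicast mode; after switching to multicast the same lookup should show the 03-BF address the static ARP entries map to.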
