Vmware host routing

Hello EE,

I have guests on one host ( HOST1 - 192.168.40.101) that cannot ping guests on the other host ( HOST2 -192.168.40. 102.) However, HOST2  guests can ping HOST1 guests, so appears to be a routing issue . Please advise
davesnbAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rauenpcCommented:
Is there a firewall anywhere? Are the guests on the same subnet? Do the guests have the same default gateway configured? Have you checked that the physical switches have correctly configured ports/vlans? Do you vSwitches have the correct vlan tags (or lack thereof)? Do some of the guests have software firewalls enabled but others not?
0
davesnbAuthor Commented:
Is there a firewall anywhere?
-There is no firewall

Are the guests on the same subnet?
-The guests are on the same subnet

 Do the guests have the same default gateway configured?
-The guests from both hosts use the same default gateway (192.168.40.1)

 Have you checked that the physical switches have correctly configured ports/vlans?
-Yes, physical boxes are ok patched into the same phisical switch

Do your vSwitches have the correct vlan tags (or lack thereof)?
**Please explain

Do some of the guests have software firewalls enabled but others not?
-All windows OS, the firewall service is disabled on all.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
You have checked firewalls are OFF on the VMs ?

there is some weird connectivity issue occurring here....

192.168.40.101
192.168.40. 102

both of the above IP Addresses are on the same subnet, there is no routing required to reach them,

What are the VM IP Addresses ?

192.168.40.xxx ?

VMware ESXI does not provide any routing....

please upload screenshots of your networking.....
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Michael MachieFull-time technical multi-taskerCommented:
""Do your vSwitches have the correct vlan tags (or lack thereof)?
**Please explain""

I believe he is asking if the switch ports the computer is plugged in to is configured to allow that network scheme to speak to other devices in that scheme. Switch ports can be configured independently from each other on business class routers/switches. Using different vLANs (different IP schemes on the same network controlled by the switch) usually requires some configuration to have devices speak to each other across the vLANs and switch ports.

The machine that can ping properly may be set on a switch port that can speak to that scheme, whereas the same may not be true for the machine that cannot ping out properly.
0
davesnbAuthor Commented:
is there an independent setting on the vm guest instance ( or host instance) that deals with a "firewall"?
0
Michael MachieFull-time technical multi-taskerCommented:
Just the embedded firewall application within the VM's operating system if it has one.
VMWare itself does not have an embedded firewall.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
VMs can have a firewall, what is the OS ?
0
davesnbAuthor Commented:
The OS is 2012 and 2003 MS server . Where is the firewall setting on the vm guest instance ?
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
On the Network Interface.
0
davesnbAuthor Commented:
Can you be more specific please, this is 5.5 vmware client , connected to vcenter server .. Where do I browse to this firewall setting
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
The firewall settings are specific to the virtual machine OS, not vCenter Server, not vSphere Web Client.

Connect to the VM, via Console, RDP, and open Control Panel, and check Firewall is OFF.
0
davesnbAuthor Commented:
Right. As mentioned , the firewall service is disabled on all os
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
okay, can you upload screenshots of your hosts ESXi networking.
0
davesnbAuthor Commented:
Update;

I have a windows 2012 server "MQ1 - ip 192.168.40.194" on vm host 102 , and a windows 2012 server "MQ2 - ip 192.68.40.194" on vm host 101 . These MQ's are clustered using nlb with cluster ip 191 and 192, on tcp 1414 .

- Guests on 101 can ping all servers on 102 except "MQ1 - 192.168.40.194" . However, MQ2 can ping MQ1
- guests on 102 can ping all servers on 101 except "MQ2 -192.168.40.195". However, MQ1 can ping MQ2

All guest vm s on host 101 can ping the the cluster ip (40.192) each way , however there is no routing to the MQ1 (active) 1414 port which is clustered .

All physical servers on the same subnet ( 40.x) can ping MQ1 and telnet ok to port 1414.  All guest vms on the same host as MQ1 can ping and telnet ok to MQ1

Any ideas , much appreciated.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
okay, can you upload screenshots of your hosts ESXi networking. (repeated!)
0
davesnbAuthor Commented:
here is the 102 host networking config, the 101 would be similar ..
vmware102.jpg
vmware102-1.jpg
vmware102-2.jpg
vmware102-3.jpg
vmware102-4.jpg
vmware102-5.jpg
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
please upload 101 so I can compare, at present I cannot compare anything....
0
davesnbAuthor Commented:
0
davesnbAuthor Commented:
Any ideas on this ? When the nlb cluster is spread across 2 hosts , guests on 101 ( same subnet) cannot connect to the active MQ1 listener tcp 1414 on 102 . However, the physical servers on the same subnet have no issues.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
NLB is a different issue entirely.

This is the first time you've mentioned NLB?

is this Windows NLB ?
0
davesnbAuthor Commented:
Yes , this is windows nlb
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
and are all the issues with this?
0
davesnbAuthor Commented:
Yes , just with this connection.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Okay, Microsoft NLB cause many issues with VMware vSphere

1. Check you are using Multicast as recommended by VMware.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580

2. You must ensure that you have defined STATIC ARP entries on ALL your physical switches in your network, which you expect to see multicast traffic or NLB trafifc on or to.

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1006558
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
davesnbAuthor Commented:
Many thanks, the multicast mode needed to be enabled .
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.