Solved

Vmware host routing

Posted on 2014-07-25
25
279 Views
Last Modified: 2014-08-08
Hello EE,

I have guests on one host ( HOST1 - 192.168.40.101) that cannot ping guests on the other host ( HOST2 -192.168.40. 102.) However, HOST2  guests can ping HOST1 guests, so appears to be a routing issue . Please advise
0
Comment
Question by:davesnb
  • 12
  • 10
  • 2
  • +1
25 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 40219817
Is there a firewall anywhere? Are the guests on the same subnet? Do the guests have the same default gateway configured? Have you checked that the physical switches have correctly configured ports/vlans? Do you vSwitches have the correct vlan tags (or lack thereof)? Do some of the guests have software firewalls enabled but others not?
0
 

Author Comment

by:davesnb
ID: 40219853
Is there a firewall anywhere?
-There is no firewall

Are the guests on the same subnet?
-The guests are on the same subnet

 Do the guests have the same default gateway configured?
-The guests from both hosts use the same default gateway (192.168.40.1)

 Have you checked that the physical switches have correctly configured ports/vlans?
-Yes, physical boxes are ok patched into the same phisical switch

Do your vSwitches have the correct vlan tags (or lack thereof)?
**Please explain

Do some of the guests have software firewalls enabled but others not?
-All windows OS, the firewall service is disabled on all.
0
 
LVL 119
ID: 40219911
You have checked firewalls are OFF on the VMs ?

there is some weird connectivity issue occurring here....

192.168.40.101
192.168.40. 102

both of the above IP Addresses are on the same subnet, there is no routing required to reach them,

What are the VM IP Addresses ?

192.168.40.xxx ?

VMware ESXI does not provide any routing....

please upload screenshots of your networking.....
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Expert Comment

by:Michael Machie
ID: 40219930
""Do your vSwitches have the correct vlan tags (or lack thereof)?
**Please explain""

I believe he is asking if the switch ports the computer is plugged in to is configured to allow that network scheme to speak to other devices in that scheme. Switch ports can be configured independently from each other on business class routers/switches. Using different vLANs (different IP schemes on the same network controlled by the switch) usually requires some configuration to have devices speak to each other across the vLANs and switch ports.

The machine that can ping properly may be set on a switch port that can speak to that scheme, whereas the same may not be true for the machine that cannot ping out properly.
0
 

Author Comment

by:davesnb
ID: 40219972
is there an independent setting on the vm guest instance ( or host instance) that deals with a "firewall"?
0
 
LVL 13

Expert Comment

by:Michael Machie
ID: 40220032
Just the embedded firewall application within the VM's operating system if it has one.
VMWare itself does not have an embedded firewall.
0
 
LVL 119
ID: 40220233
VMs can have a firewall, what is the OS ?
0
 

Author Comment

by:davesnb
ID: 40220238
The OS is 2012 and 2003 MS server . Where is the firewall setting on the vm guest instance ?
0
 
LVL 119
ID: 40220246
On the Network Interface.
0
 

Author Comment

by:davesnb
ID: 40220268
Can you be more specific please, this is 5.5 vmware client , connected to vcenter server .. Where do I browse to this firewall setting
0
 
LVL 119
ID: 40220494
The firewall settings are specific to the virtual machine OS, not vCenter Server, not vSphere Web Client.

Connect to the VM, via Console, RDP, and open Control Panel, and check Firewall is OFF.
0
 

Author Comment

by:davesnb
ID: 40220502
Right. As mentioned , the firewall service is disabled on all os
0
 
LVL 119
ID: 40220521
okay, can you upload screenshots of your hosts ESXi networking.
0
 

Author Comment

by:davesnb
ID: 40224313
Update;

I have a windows 2012 server "MQ1 - ip 192.168.40.194" on vm host 102 , and a windows 2012 server "MQ2 - ip 192.68.40.194" on vm host 101 . These MQ's are clustered using nlb with cluster ip 191 and 192, on tcp 1414 .

- Guests on 101 can ping all servers on 102 except "MQ1 - 192.168.40.194" . However, MQ2 can ping MQ1
- guests on 102 can ping all servers on 101 except "MQ2 -192.168.40.195". However, MQ1 can ping MQ2

All guest vm s on host 101 can ping the the cluster ip (40.192) each way , however there is no routing to the MQ1 (active) 1414 port which is clustered .

All physical servers on the same subnet ( 40.x) can ping MQ1 and telnet ok to port 1414.  All guest vms on the same host as MQ1 can ping and telnet ok to MQ1

Any ideas , much appreciated.
0
 
LVL 119
ID: 40224342
okay, can you upload screenshots of your hosts ESXi networking. (repeated!)
0
 

Author Comment

by:davesnb
ID: 40224568
here is the 102 host networking config, the 101 would be similar ..
vmware102.jpg
vmware102-1.jpg
vmware102-2.jpg
vmware102-3.jpg
vmware102-4.jpg
vmware102-5.jpg
0
 
LVL 119
ID: 40224575
please upload 101 so I can compare, at present I cannot compare anything....
0
 

Author Comment

by:davesnb
ID: 40224602
0
 

Author Comment

by:davesnb
ID: 40226685
Any ideas on this ? When the nlb cluster is spread across 2 hosts , guests on 101 ( same subnet) cannot connect to the active MQ1 listener tcp 1414 on 102 . However, the physical servers on the same subnet have no issues.
0
 
LVL 119
ID: 40226722
NLB is a different issue entirely.

This is the first time you've mentioned NLB?

is this Windows NLB ?
0
 

Author Comment

by:davesnb
ID: 40226737
Yes , this is windows nlb
0
 
LVL 119
ID: 40226795
and are all the issues with this?
0
 

Author Comment

by:davesnb
ID: 40226902
Yes , just with this connection.
0
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40226924
Okay, Microsoft NLB cause many issues with VMware vSphere

1. Check you are using Multicast as recommended by VMware.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006580

2. You must ensure that you have defined STATIC ARP entries on ALL your physical switches in your network, which you expect to see multicast traffic or NLB trafifc on or to.

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1006558
0
 

Author Closing Comment

by:davesnb
ID: 40248948
Many thanks, the multicast mode needed to be enabled .
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
HOW TO: Upload an ISO image to a VMware datastore for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere Host Client, and checking its MD5 checksum signature is correct.  It's a good idea to compare checksums, because many installat…
Teach the user how to install vSphere Update Manager  Console to Windows system:  Install vSphere Update Manager: Configure vSphere Update Manager plug-in in vSphere Client: Verify vSphere Update Manager settings in vSphere Client:
Teach the user how to rename, unmount, delete and upgrade VMFS datastores. Open vSphere Web Client: Rename VMFS and NFS datastores: Upgrade VMFS-3 volume to VMFS-5: Unmount VMFS datastore: Delete a VMFS datastore:

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question