Solved

Unable to Connect to Routers via VMware ESXi and Riverbed Steelhead

Posted on 2015-02-10
35
347 Views
Last Modified: 2015-02-10
Hello Experts,

I posted this question in VMware category, however the question is likely to be better understood by someone with Networkign skills.

We have configured our network based on the attached Topology with Riverbed Virtual Appliances VCX555.

We have configured the appliance in accordance with the attached PDF.

The situation is this:

We can ping 10.1.21.1 (R2) from N21-PC

We can ping 10.1.21.110 (N21-PC) from 10.1.21.1

We can ping 10.1.21.25 (In-Path) from N21-PC

We can ping 10.1.21.25 (In-Path) from R2

THE PROBLEM IS:

We CAN'T ping 10.1.22.1 from N21-PC

we CAN'T ping 10.1.21.25 from N21-SHA

We CAN'T ping 10.1.21.110 from N21-SHA

We CAN'T ping 10.1.21.1 from N21-SHA


Please take a look at the image of the VMware configuration. You'll find it complies with the instructions in the manual.

Can you help determine why we can ping with the PC which is using 10.1.21.25(In-Path) as it's gateway, but can't ping anything from Steelhead

Please let me know if you need any further screenshots.

Any help will be greatly recieved.

N21-PC
n21-sha
r2
topSteelHead---deployment-installation-guid
0
Comment
Question by:cpatte7372
  • 24
  • 8
  • 2
  • +1
35 Comments
 
LVL 117
ID: 40600284
It looks that are two issues.

We CAN'T ping 10.1.22.1 from N21-PC

this looks like a routing, can you confirm if this is correct ?

what is the router? is it routing from either subnet.

we CAN'T ping 10.1.21.25 from N21-SHA

We CAN'T ping 10.1.21.110 from N21-SHA

We CAN'T ping 10.1.21.1 from N21-SHA

we are going to need the virtual switches and diagram or screenshot from ESXi.
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40600369
Can you compare N21-SHA and N22-SHA configurations, since those two are almost the same?
Probably there is some small difference if network N22 works OK.

To me from pings you gave looks like problem is on N21-SHA device.

Compare PC gateways on N21-PC - N22-PC.
Router is configuration identical for F1/0 and Fe2/0.

Compare Routing tables on Routing devices.
0
 

Author Comment

by:cpatte7372
ID: 40600379
Hi guys,

Thanks for responding.

I would understand if there was routing issue but I can ping from 10.1.22.1 to 10.1.21.25, and 10.1.21.110 is using 10.1.21.25 as it's gateway. Therefore, surely if I can ping 10.1.21.25 I should be able to ping 10.1.21.110??

My theory is that I need to add a virtual adapter to N21-SHA to interface with N21-PC....
0
 

Author Comment

by:cpatte7372
ID: 40600383
Hi,

Just to show you....
0
 

Author Comment

by:cpatte7372
ID: 40600384
Oops

ping
0
 

Author Comment

by:cpatte7372
ID: 40600392
Experts,

I'm changed things around a little bit, see image.

image
I can now ping 10.1.21.1 and 10.1.22.1 N21-SHA but I still can't ping 10.1.22.1 from N21-PC....

This is driving me crazy...
0
 

Author Comment

by:cpatte7372
ID: 40600395
Is it possible to add virtual interface?
0
 

Author Comment

by:cpatte7372
ID: 40600399
Sorry, I meant virtual adapter
0
 

Author Comment

by:cpatte7372
ID: 40600426
Andrew,

The N21-SHA is a Riverbed Steelhead device.

The router is a Cisco Cloud Services Router - has pretty much the same functionality as a normal router.

Is that what you needed..?
0
 

Author Comment

by:cpatte7372
ID: 40600468
Experts,

If it's not possible to configure virtual adapter, is is possible to force traffic from N21-PC to go through 10.1.21.25 (N21-SHA)?

Cheers
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40600568
Basic networking:

If devices are in the same network - devices send a broadcast ARP message to check what is MAC address device that have specific IP address. If there's no answer from host, that device is considered unavailable. Simple as that.
If devices are not in the same network, send data to default gateway.

All of those devices (N21-PC, N21-SHA, Router) are in 10.1.21.0/24 range and should be directly reachable.
0
 

Author Comment

by:cpatte7372
ID: 40600594
Predrag,

I totally agree. But vSwitching doesn't work like that in this case.

If you take a look at the image you will see there are four networks; WAN21, PRIM21, AUX21 and LAN21.

N21-PC is in LAN21 network whereas the router is in WAN21 network.

n21-sha
PC
Does that make sense?
0
 

Author Comment

by:cpatte7372
ID: 40600599
I just don't understand how I can ping 10.1.21.25 from 10.1.22.1 but not the PC (10.1.21.110)?

I hope someone can help me
0
 

Author Comment

by:cpatte7372
ID: 40600876
I was wondering if an Expert with VMware skills could emulate the topology above and see if they can get it to work.. otherwise do you have any more ideas?
0
 
LVL 6

Expert Comment

by:Daniel Sheppard
ID: 40601315
I do want to comment, I don't know much about the Riverbed however it looks like the riverbed is functioning as a router (not in transparent mode) and in that case, that would definitely cause issues with the Cisco router on the same subnet as the Riverbed (In, Out, Aux, Management)

If it is possible, I would either switch the Riverbed into a Transparent mode (all computers just point to the Cisco as their gateway ) or leave it in routed and adjust your subnets.

What is the difference between LAN21 and PRIM21?
0
 

Author Comment

by:cpatte7372
ID: 40601884
Hi Daniel,

Thanks for responding, LAN21 and PRIM21 represent vSwitches
0
 

Author Comment

by:cpatte7372
ID: 40601906
capExperts,

I can ping everything from 10.1.22.1 apart from 10.1.21.110... it's crazy considering 10.1.21.25 is the gateway for 10.1.21.110

Any other thoughts Experts?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 6

Expert Comment

by:Daniel Sheppard
ID: 40601913
What subnets are those vSwitches?
0
 

Author Comment

by:cpatte7372
ID: 40601998
Hi Daniel

One second. Going to provide another image. It might take 3 minutes.
0
 

Author Comment

by:cpatte7372
ID: 40602009
The subnet for N21-PC is LAN21; 10.1.21.0/24


 N21-SHA LAN21 10.1.21.0/24; WAN21 10.1.21.0/24; WAN22 10.1.22.0

The subnets are represented by the names above in VMware, see imgaes

img1
img2
img3
0
 

Author Comment

by:cpatte7372
ID: 40602013
So I need to be able to ping 10.1.22.1 from N21-PC and likewise R2 needs to be able to ping 10.1.21.110 from 10.1.22.1
0
 

Author Comment

by:cpatte7372
ID: 40602018
Daniel,

If you know anything about Riverbed Steelheads you'll know I missed one crucial ip address - the ip address for the in-Path interface, which is 10.1.21.25. The In-Path is acting as the gateway for the PC, and the router can ping the In-Path address but not the PC.... crazy
0
 

Author Comment

by:cpatte7372
ID: 40602022
When I say;

the router can ping the In-Path address but not the PC

I mean from 10.1.22.1.

However, the router can ping the pc from 10.1.21.1 (because its on the same subnet)
0
 
LVL 6

Expert Comment

by:Daniel Sheppard
ID: 40602027
But...  Here is the thing.  If your system is acting as a router(it sounds very much like this is the case) and you have 3 vSwitches which are connect to (for the sake of argument we will use switches, but they could just be separate VLANs) the device will send one packet out one interface, with the expectation that the networks are all interconnected when they are not.

I need to know, is this device a router/gateway or a transparent caching system (Think ASA firewall in Transparent mode, packets go in, it inspects them and they go out vs a Cisco IOS Router, Packet goes in, it looks up the next-hop IP in the routing table and then forwards it out the correct interface)?
0
 

Author Comment

by:cpatte7372
ID: 40602029
It's almost as if the Riverbed won't route the packet from the PC to any address outside of 10.1.21.0/24. But yet it will route packet from its In-Path address 10.1.21.25
0
 
LVL 6

Expert Comment

by:Daniel Sheppard
ID: 40602032
Give me some time to investigate the Riverbed more closely.  I am not familiar with it.
0
 
LVL 6

Accepted Solution

by:
Daniel Sheppard earned 500 total points
ID: 40602051
Set your default gateway to the router, not the Riverbed, the Riverbed is more or less a Transparent Proxy.
0
 
LVL 6

Expert Comment

by:Daniel Sheppard
ID: 40602060
In a field Scenario, you will need to have all of your LAN traffic enter the RiverBed on one VLAN (port) and exit on a separate VLAN(port).  The Riverbed is a transparent Layer 2 device that captures all packets from what I can tell.
0
 

Author Comment

by:cpatte7372
ID: 40602071
Daniel

In a field Scenario, you will need to have all of your LAN traffic enter the RiverBed on one VLAN (port) and exit on a separate VLAN(port).  The Riverbed is a transparent Layer 2 device that captures all packets from what I can tell.

You got it mate....
0
 

Author Comment

by:cpatte7372
ID: 40602072
Daniel,

With that said, what do you think?
0
 
LVL 6

Expert Comment

by:Daniel Sheppard
ID: 40602075
Your default gateway for your PC, did you set that as a the router and not the riverbed?
0
 

Author Comment

by:cpatte7372
ID: 40602078
Set your default gateway to the router, not the Riverbed, the Riverbed is more or less a Transparent Proxy.

When you read a little more on Riverbeds(and I hope you do :-), you'll find that the gateway needs to be a Riverbed as the whole idea is to take packets from PCs and optimize them before sending them across the WAN
0
 

Author Comment

by:cpatte7372
ID: 40602103
Set your default gateway to the router, not the Riverbed, the Riverbed is more or less a Transparent Proxy.

Daniel, I decided to give your suggestion a shot and it worked....

I truly can't thank you enough.

I'll buy you a drink should you ever come to London

I wish I could give you a 1000 points.

Cheers
0
 

Author Closing Comment

by:cpatte7372
ID: 40602104
Fantastic
0
 
LVL 6

Expert Comment

by:Daniel Sheppard
ID: 40602118
No problem, the Riverbed is a Transparent network device, and the "inPath" gateway is your router, not the computer.  Basically, no matter what, the Riverbed has to be between your router and the physical network (you can trick this by using vLans and vSwitches).

The gateway referenced in the literature (which I spent all of 10 minutes reading) in the "Physical InPath" (You are a Physical InPath deployment) is the gateway which allows the Riverbed to connect to the Internet/WAN.

There are other deployment options but I don't think any of them set themselves as the default gateway.  I am not sure if the Riverbed can ever function as a router and perform route-lookups.  However if that was the case, your LAN and WAN subnets would have to be different.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article is an update and follow-up of my previous article:   Storage 101: common concepts in the IT enterprise storage This time, I expand on more frequently used storage concepts.
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now