Solved

VM can ping everything on its own subnet... but not the default gateway (but everything else can)

Posted on 2016-10-20
Last Modified: 2016-11-01
So I have a VM, it can ping everything on its own subnet, including stuff external to the ESXi host. But it can't ping the default gateway (which is a FortiGate 100D). The FortiGate says it gets the ping and that it replies, but somehow this host is not getting the reply.

Any ideas?

How could I packet capture at the esxi level to see if the reply is being delivered to the VM?

The VM's address is 192.168.1.58

in fortigate I might do something like

diag sniffer packet any 'icmp and host 192.168.1.58' 4

And it would list info about packets for that host... Can I do similar in CLI (or GUI) in ESXi to see if ESXi thinks it is handing the packet to the host?

Any other troubleshooting ideas?

Everything was fine and then this just happened randomly....
Question by:Xetroximyn
9 Comments
 
LVL 121
ID: 41853401
What does your networking look like?

Are the VM and ESXi host on the same network?

Can you ping the default gateway from the host?
0
 
LVL 5

Assisted Solution

by:Kylo Ren
Kylo Ren earned 125 total points
ID: 41855442
I would install Wireshark on the host to see if the packets are getting dropped.
0
 

Author Comment

by:Xetroximyn
ID: 41855549
The VM is on the esxi host.

Everything else on the subnet is working fine. All other devices (including other VMs on the same ESXi host, and the ESXi host itself, and all other physical devices) can ping everything on the subnet (192.168.1.x), they can ping the gateway (192.168.1.1) and past the gateway (say 8.8.8.8).

This one VM, can ping everything else on the same subnet.  So it can ping 192.168.1.2-254 but it can't ping 192.168.1.1.  

192.168.1.1 is a fortigate so I have run a sniffer and I see the pings come in and replies go out
diag sniffer packet any 'icmp and host 192.168.1.58' 4

I have Wireshark on the PC, but I am not familiar with the correct syntax to filter it down. Can anyone help with that?

In any case though, is there really a possibility Wireshark could see the packet enter the PC if the ping command is not seeing it? That's why I was thinking about packet sniffing at the ESXi level.
0
 
LVL 121
ID: 41855561
Is this VM connected to the same VM portgroup as all the other VMs?

What network interface are you using in the VM? E1000?

Firewall disabled on VM?
0
 

Author Comment

by:Xetroximyn
ID: 41855589
Same port group. E1000. Firewall is not disabled because it's on a domain that greys out that option, but it's just standard Windows firewall. Settings have not changed. And it can ping all other IPs, just not the gateway. I'm sure there is no rule disallowing ping only from 192.168.1.1.

Is it possible to easily packet sniff at ESXi level like it is on our FortiGate? That's what I would really like to do. To confirm if ESXi thinks it's delivering the packets to the PC.

Not sure if I mentioned this before but it did this once before and resolved itself before I had much chance to troubleshoot.
0
 
LVL 121
ID: 41855600
Just quickly STOP the firewall service in the OS via services, and check... if you can ping this default gateway, if still issues...

Also change the interface to VMXNET3, which you should be using for all VMs, rather than the E1000 legacy emulated interface.

And then repeat ping with and without firewall running.
0
 

Author Comment

by:Xetroximyn
ID: 41855607
Ah - didn't realize I could disable the service in the services panel. :-) Did that, still no ping to gateway. Looks like I need to reboot in order to add a new network card. I am hoping, if it's possible, to do a packet sniff at ESXi level before rebooting just to see what ESXi is seeing.

I wonder, if I reboot, if the problem will resolve itself again, and I will have lost another chance to troubleshoot deeper.

Thanks!
0
 
LVL 121

Accepted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 250 total points
ID: 41855620
Network interfaces are HOT ADD, Plug and Play. No need to reboot.

Simply add a new VMXNET3 network interface, and disable the old legacy e1000, re-test with ping, with firewall disabled (service stopped).

You want to packet sniff at the host, be my guest...

Using the pktcap-uw tool in ESXi 5.5 and later (2051814)

Monitoring network traffic from within a virtual machine on a VMware vSphere ESX/ESXi server (1038847)

Capturing a network trace in ESXi using Tech Support Mode or ESXi Shell (1031186)

http://www.vmwarearena.com/how-to-capture-network-trafficpacket-on-esxi-hosts/

As for installing Wireshark on ESXi, you may want to ask @Aaron Goodman! Normally you take the output captured on ESXi and load it into Wireshark on a Windows PC.
0
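An added example, not part of the original thread or of VMware's tooling: once captures have been taken on the ESXi host (for instance with pktcap-uw, per the KB articles above) at more than one point, such as the VM's switch port and the physical uplink, this Python script counts the echo requests from 192.168.1.58 to 192.168.1.1 and the matching replies in each file, which shows at which capture point the reply stops appearing. It assumes classic libpcap files with untagged Ethernet frames; the function names and the two embedded sample captures are constructed for illustration and are not data from this case.

```python
import struct
from ipaddress import IPv4Address as IP

def unanswered_pings(pcap, vm, gw):
    """Count ICMP echo requests vm->gw and replies gw->vm in a classic
    Ethernet pcap; return (requests, replies, missing (id, seq) list)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    vm_b, gw_b = IP(vm).packed, IP(gw).packed
    requests, replies = [], set()
    off = 24                                    # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(order + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # untagged IPv4 only
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 1 or len(ip) < ihl + 8:     # IP protocol 1 = ICMP
            continue
        kind, _, _, ident, seq = struct.unpack_from("!BBHHH", ip, ihl)
        pair = (ip[12:16], ip[16:20])           # (source, destination)
        if kind == 8 and pair == (vm_b, gw_b):  # echo request
            requests.append((ident, seq))
        elif kind == 0 and pair == (gw_b, vm_b):  # echo reply
            replies.add((ident, seq))
    missing = [r for r in requests if r not in replies]
    return len(requests), len(replies), missing

def sample_pcap(packets):
    """Constructed test data: build a pcap from (src, dst, type, seq) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, kind, seq in packets:
        icmp = struct.pack("!BBHHH", kind, 0, 0, 1, seq)   # checksum left 0
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         IP(src).packed, IP(dst).packed)
        frame = bytes(12) + b"\x08\x00" + ip + icmp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

VM, GW = "192.168.1.58", "192.168.1.1"
PINGS = [(VM, GW, 8, 1), (GW, VM, 0, 1), (VM, GW, 8, 2), (GW, VM, 0, 2)]
AT_UPLINK = sample_pcap(PINGS)                              # replies present
AT_VM_PORT = sample_pcap([p for p in PINGS if p[2] == 8])   # replies absent

if __name__ == "__main__":
    print(unanswered_pings(AT_UPLINK, VM, GW), unanswered_pings(AT_VM_PORT, VM, GW))
```

For a real capture, pass the file contents, e.g. `unanswered_pings(open(path, "rb").read(), VM, GW)`; a capture point that shows requests but no replies is where to look next.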
 
LVL 20

Assisted Solution

by:compdigit44
compdigit44 earned 125 total points
ID: 41856308
For the port group, which load balancing options do you have selected? Route based on originating IP, IP hash etc... If your switches are not set up in a bonded pair, i.e. etherchannel/LACP, you should leave it at the default of Route based on IP hash.
0

Question has a verified solution.