Solved

VM can ping everything on its own subnet... but not the default gateway (but everything else can)

Posted on 2016-10-20
Last Modified: 2016-11-01
So I have a VM. It can ping everything on its own subnet, including stuff external to the ESXi host. But it can't ping the default gateway (which is a FortiGate 100D). The FortiGate says it gets the ping and that it replies, but somehow this host is not getting the reply.

Any ideas?

How could I packet capture at the esxi level to see if the reply is being delivered to the VM?

The VM's address is 192.168.1.58

In FortiGate I might do something like

diag sniffer packet any 'icmp and host 192.168.1.58' 4

And it would list info about packets for that host... Can I do something similar in the CLI (or GUI) in ESXi to see if ESXi thinks it is handing the packet to the host?

Any troubleshooting ideas?

Everything was fine and then this just happened randomly....
Question by:Xetroximyn
9 Comments
 
LVL 117
ID: 41853401
What does your networking look like?

Are the VM and ESXi host on the same network?

Can you ping the default gateway from the host?
0
 
LVL 4

Assisted Solution

by:Kylo Ren
Kylo Ren earned 125 total points
ID: 41855442
I would install Wireshark on the host to see if the packets are getting dropped.
0
 

Author Comment

by:Xetroximyn
ID: 41855549
The VM is on the ESXi host.

Everything else on the subnet is working fine. All other devices (including other VMs on the same ESXi host, the ESXi host itself, and all other physical devices) can ping everything on the subnet (192.168.1.x); they can ping the gateway (192.168.1.1) and past the gateway (say 8.8.8.8).

This one VM, can ping everything else on the same subnet.  So it can ping 192.168.1.2-254 but it can't ping 192.168.1.1.  

192.168.1.1 is a FortiGate, so I have run a sniffer and I see the pings come in and replies go out:
diag sniffer packet any 'icmp and host 192.168.1.58' 4

I have Wireshark on the PC, but I am not familiar with the correct syntax to filter it down. Can anyone help with that?

In any case though, is there really a possibility Wireshark could see the packet enter the PC if the ping command is not seeing it? That's why I was thinking about packet sniffing at the ESXi level.
0
 
LVL 117
ID: 41855561
Is this VM connected to the same VM portgroup as all the other VMs?

What network interface are you using in the VM? E1000?

Firewall disabled on the VM?
0
 

Author Comment

by:Xetroximyn
ID: 41855589
Same port group. E1000. Firewall is not disabled because it's on a domain that greys out that option, but it's just the standard Windows firewall. Settings have not changed. And it can ping all other IPs, just not the gateway. I'm sure there is no rule disallowing ping only from 192.168.1.1.

Is it possible to easily packet sniff at the ESXi level like it is on our FortiGate? That's what I would really like to do, to confirm if ESXi thinks it's delivering the packets to the PC.

Not sure if I mentioned this before, but it did this once before and resolved itself before I had much chance to troubleshoot.
0
 
LVL 117
ID: 41855600
Just quickly STOP the firewall service in the OS via Services, and check... if you can ping this default gateway, if still issues...

Also change the interface to VMXNET3, which you should be using for all VMs, rather than the E1000 legacy emulated interface.

And then repeat the ping with and without the firewall running.
0
 

Author Comment

by:Xetroximyn
ID: 41855607
Ah - didn't realize I could disable the service in the Services panel. :-) Did that, still no ping to the gateway. Looks like I need to reboot in order to add a new network card. I am hoping, if it's possible, to do a packet sniff at the ESXi level before rebooting just to see what ESXi is seeing.

I wonder, if I reboot, whether the problem will resolve itself again, and I will have lost another chance to troubleshoot deeper.

Thanks!
0
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
ID: 41855620
Network interfaces are HOT ADD, Plug and Play. No need to reboot.

Simply add a new VMXNET3 network interface, and disable the old legacy E1000, then re-test with ping, with the firewall disabled (service stopped).

You want to packet sniff at the host, be my guest...

Using the pktcap-uw tool in ESXi 5.5 and later (2051814)

Monitoring network traffic from within a virtual machine on a VMware vSphere ESX/ESXi server (1038847)

Capturing a network trace in ESXi using Tech Support Mode or ESXi Shell (1031186)

http://www.vmwarearena.com/how-to-capture-network-trafficpacket-on-esxi-hosts/

As for installing Wireshark on ESXi, you may want to ask @Aaron Goodman! Normally you take the output captured on ESXi and load it into Wireshark on a Windows PC.
0
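Added example (not part of the thread and not VMware's own code): one way to set up the host-side capture with pktcap-uw that the accepted answer points to, for ICMP between one VM's virtual switch port and the gateway 192.168.1.1. The VM name APP01, the output paths and the `net-stats -l` sample are constructed assumptions; the script prints the capture commands rather than running them.

```shell
#!/bin/sh
# Constructed sample of `net-stats -l` output; on a real host, pipe in the
# command's own output instead. APP01/APP02 are hypothetical VM names.
SAMPLE_NETSTATS='PortNum          Type SubType SwitchName       MACAddress         ClientName
33554434            4       0 vSwitch0         00:25:90:aa:bb:01  vmnic0
33554436            3       0 vSwitch0         00:25:90:aa:bb:01  vmk0
33554443            5       7 vSwitch0         00:0c:29:11:22:33  APP01.eth0
33554444            5       7 vSwitch0         00:0c:29:44:55:66  APP02.eth0'

# Print the virtual switch port number whose ClientName starts with "<vm>.eth".
# Reads `net-stats -l` text on stdin; header and non-numeric rows are skipped.
port_for_vm() {
    awk -v vm="$1" '$1 ~ /^[0-9]+$/ && index($NF, vm ".eth") == 1 { print $1; exit }'
}

# Build one pktcap-uw command: ICMP only (IP protocol 0x01), gateway as source
# or destination, captured at the VM's switch port.
# --dir is relative to the virtual switch (per VMware's pktcap-uw documentation):
#   0 = into the switch (sent by the VM), 1 = out of the switch (toward the VM).
capture_cmd() {  # args: port dir gateway_ip outfile
    printf 'pktcap-uw --switchport %s --dir %s --proto 0x01 --ip %s -o %s\n' \
        "$1" "$2" "$3" "$4"
}

# Emit both capture commands for a VM, or fail if the VM has no switch port.
plan_capture() {  # args: vm_name gateway_ip ; net-stats text on stdin
    port=$(port_for_vm "$1")
    [ -n "$port" ] || { echo "no switch port found for $1" >&2; return 1; }
    capture_cmd "$port" 0 "$2" "/tmp/$1-from-vm.pcap"
    capture_cmd "$port" 1 "$2" "/tmp/$1-to-vm.pcap"
}

# Dry run against the constructed sample.
printf '%s\n' "$SAMPLE_NETSTATS" | plan_capture APP01 192.168.1.1
```

If the echo replies appear in the `--dir 1` capture, the vSwitch handed them to the VM's port and the loss is inside the guest; if they are absent, look upstream at the uplink or physical switch. The resulting .pcap files open directly in Wireshark on another machine.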
 
LVL 19

Assisted Solution

by:compdigit44
compdigit44 earned 125 total points
ID: 41856308
For the port group, which load balancing options do you have selected? Route based on originating IP, IP hash, etc... If your switches are not set up in a bonded pair (i.e. EtherChannel/LACP), you should leave it at the default of Route based on IP hash.
0
