VMware Cloud Community
Nishesh
Enthusiast
Enthusiast
Jump to solution

ESXi 5.5 - Virtual Machine fails to PING to Gateway and/or other hosts

Hello fellow members

I have installed 1 HP DL380p Gen8 with vmware ESXi 5.5.

I have 1 Virtual Machine port group with 2 VMNICs – vmnic0 and vmnic1 connecting 2 Virtual Machines. If i TEAM the NICs, One VM (selected) at random is able to PING to the gateway while the 2nd VM is not. ESXTOP in this case, does not show the Physical NIC that each VM connects to but says ‘all’ under Team-PNIC.

If i break the Team and use only vmnic0 – none of the VMs connet to the gateway. If i create the vSwitch with only vmnic1 as the usable NIC (vminc0 – unused) – again only 1 VM (selected at random) is able to PING the gateway while the other is not (and both VMs are using vmnic1 as the uplink to the vNICs).

The Physical ESX host connects to a Cisco 2950 Catalyst Switch.

Can you please advise where do i go from here ? It could be an issue with the VLAN when it comes to vmnic0 (since none of the VMs are able to connect via this vmnic) but what’s going on with vmnic1 (One VM at random connects while the other doesnot) .. ?

I have tried multiple forums with no luck. :smileyconfused:

Reply
0 Kudos
1 Solution

Accepted Solutions
Nishesh
Enthusiast
Enthusiast
Jump to solution

Managed to resolve this one -

  1. The Up-link Switch (Catalyst 2950) had Port Security enabled across ALL Ports.
  2. I had to disable port security on a given set of ports (to which the Physical NICs are connected).

Everything seems to be working fine now.

Cheers for all the inputs !

View solution in original post

Reply
0 Kudos
10 Replies
weinstein5
Immortal
Immortal
Jump to solution

To troubleshoot we will need additional information - is the same VM that can communicate on the network? When both VMs are powered on are you able they able to ping each other? Can you provide screen shots of the vswitch configuration and the IP configuration of the VMs 0

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
Reply
0 Kudos
abhilashhb
VMware Employee
VMware Employee
Jump to solution

This sounds like a VLAN tagging issue. Test different cases by pinging each other VMs. And also check if it's the same VM that is connecting in both cases. Maybe the issue is with the gateway configuration on the VMs too. Talk to Ur network team and get these things cleared. And also provide more info as Weinstein mentioned.

Abhilash B
LinkedIn : https://www.linkedin.com/in/abhilashhb/

Reply
0 Kudos
admin
Immortal
Immortal
Jump to solution

If you can't ping your gateway, then there is either a config mismatch on the physical switch, or the virtual switch.

Reply
0 Kudos
Nishesh
Enthusiast
Enthusiast
Jump to solution

Hello Everyone

  1. When both VMs are powered ON they can sucessfully PING each other and the VMK Ports on the same vSwitch.
  2. They cannot PING the VMK Port on the other vSwitch on the same ESX host.
  3. Its not a specific VM that is failing to connect. Whichever VM is powered ON first connects sucessfully and the other one just times out.
  4. The VM that times out comes up with the following PING results:

3.jpg

  1. Below is the IP Config of the 2 VMs:

1.jpg

2.jpg

  1. A high level overview of the vSwitch config is as follows:

4.jpg

  1. Unfortunately this is a very small branch office setup with no dedicated network engineer to help me out. I'll have to figure it out myself.
  2. If any other info is required please let me know !
Reply
0 Kudos
EMILY32
Contributor
Contributor
Jump to solution

Hi

Welcome to the communities.

please share firewall  details .

Fear defeats more people than any other one thing in the world.
Reply
0 Kudos
SilverNZ
Enthusiast
Enthusiast
Jump to solution

I do not have the answer, however if it makes you feel any better I didn't have much luck with ESXi 5.5 either. My VMKs were pingable however the ISCSI kept crashing the host

A couple of things to try:

  • Have you tried the VMK ping command in order to test each one individually?
  • Are you using VLANs?
  • What switch are you connecting to?(we had an issue here which resulted in the switch causing the problem with our VMKs on ESXi 5.1 U1)
  • Are you getting ARP entries for the VMs and VMKs?
Reply
0 Kudos
Nishesh
Enthusiast
Enthusiast
Jump to solution

Hi Emily

Here are the firewall details (although i wouldn't think a firewall will block 1 Virtual Machine and allow the 2nd one on the same ESX host and the same vSwitch)

1.jpg

Hi SilverNZ

  1. VMKPing to the VMkernel port iD (used for Management) is successful.
  2. Am trying to gather some info on our VLAN Configuration although i have been told it's the Universal VLAN we are on.
  3. We are using a Cisco Catalyst 2950 Switch.
  4. Where can i verify the ARP entries ? On the Cisco switch log ?
Reply
0 Kudos
SilverNZ
Enthusiast
Enthusiast
Jump to solution

  • If you can use each VMK to ping another server or device on the same VLAN then it's safe to say the connectivity is working for those VMKs
  • You can view the arp entries by typing "esxcli network ip neighbor list" (I think). If you can get correct entries, then it is also safe to say the networking is correct as your layer 2 is working
  • Check your switch to see if it registers each device (VMs and VMKs) as well ("show ip arp"). Check the mac addresses against your VMKs and VMs

I noticed that your VMKs are on the same network and they're labelled ISCSI1 and ISCSI2. I'm assuming they're on a /16(the same as your VMs)?. If you're planning to use them for a software ISCSI iniator, it would be best to separate the VMKs out(if your ISCSI unit has more than one initiator). Vmware recommend keeping them on different networks

Just to confirm I have read everything correctly:

  • Both your ISCSI VMKs are on the default VLAN(none/untagged)
  • "VM Network" is on the same VLAN as the ISCSI VMKs
  • The VMs cannot ping the ISCSI VMKs correctly

As a test, can you remove the unused adapter from your teamed vswitch and try again?

Reply
0 Kudos
SilverNZ
Enthusiast
Enthusiast
Jump to solution

Also, a firewall shouldn't block the traffic as everything looks like it is on the same subnet. Unless your router/firewall has separated it out in some weird way, it should be fine

Reply
0 Kudos
Nishesh
Enthusiast
Enthusiast
Jump to solution

Managed to resolve this one -

  1. The Up-link Switch (Catalyst 2950) had Port Security enabled across ALL Ports.
  2. I had to disable port security on a given set of ports (to which the Physical NICs are connected).

Everything seems to be working fine now.

Cheers for all the inputs !

Reply
0 Kudos