VMware Cloud Community
LumH
Enthusiast

Need help figuring out why router configuration in a VM env only partially works

Problem Prototype.jpg

Hi there...

Trying to figure out why the above setup is only partially working.

  • All of the above reside on a single physical switch.
  • This is a closed system (no internet).
  • ESXi 6.5 is the hypervisor for the VM Host(s).
  • VyOS-1, VyOS-2 and VyOS-3 are VMs running ver 1.1.8 (installed from .iso)
  • All non-VyOS VMs are Windows 10 (from the same .iso)
  • The hosts within each VLAN (both physical and VM) are able to ping and RDP each other.

It seemed to me like a typical router (NAT) problem...

  • Two VLANs (100, 200) containing hosts with the same IP addresses (192.168.1.0/24) trying to access a common host in the 3rd VLAN (700) - 192.168.100.0/24.
  • Created Router VMs with NAT (source NAT, Port Forwarding, Reflect) for each VLAN, and used 701 as the "WAN".

Here's what I mean by "partially working":

When Vyos-2 is hosted in VM Host 2 as shown in the picture, it cannot ping any public addresses (10.16.11.0) on VM Host 1. However, when I move it to be hosted in VM Host 1, all three public IPs are able to access each other.

I would like to understand this behavior.

I'm a newbie to networking, VyOS and also ESXi.... so triple hex on me.

Appreciate your help and comments, eh!

4 Replies
ashwin_prakash
VMware Employee

As you have mentioned in the diagram and the configuration, I would like to update you that a VM uses a Virtual Machine port group to connect to the external network.

The host uses a VMkernel port group to connect.

When Vyos-2 is hosted on Host 1, check the Virtual Machine port group which the VM is connected to and its configuration.

Make sure Host 2 also has the same Virtual Machine port group and the same configuration.

If it's the same, make sure the physical switch can communicate traffic from the port on which the Virtual Machine port group is connected on Host 2. You could also check in the physical switch whether this port can communicate with the 10.16.11.0 IP range.

You would be able to configure routing for each port on physical switch.

How to differentiate between Virtual Machine Port Group and VMKernal Port - Quora

Sincerely,
Ashwin Prakash
Skyline Support Moderator
LumH
Enthusiast

Thanks for the reply, Prakash!

> When Vyos-2 is hosted on Host 1, check the Virtual Machine port group which the VM is connected to and its configuration.
>
> Make sure Host 2 also has the same Virtual Machine port group and the same configuration.

Yes, Host 2 has the same VM port group (VLAN #) for Vyos-2, as it does on Host 1.

> If it's the same, make sure the physical switch can communicate traffic from the port on which the Virtual Machine port group is connected on Host 2.

Within each VLAN (port group), all hosts can ping each other:

  • VLAN 100
    PC-1 (192.168.1.135), VM-1 (VM HOST 1 - 192.168.1.110) and VM-1 (VM HOST 2 - 192.168.1.210)
  • VLAN 200
    PC-2 (192.168.1.143), VM-2 (VM HOST 1 - 192.168.1.210) and VM-2 (VM HOST 2 - 192.168.1.110)

So I think there is proper inter-VM Host communications within the constraints of each VLAN - Do you agree?

> You could also check in the physical switch whether this port can communicate with the 10.16.11.0 IP range.

There are no references in the physical switch defining the 10.16.11.0 or 192.168.1.0 IP ranges. The only IP range defined is for 10.100.1.0/24, and that is used for the "VM Management LAN".
All the VM Host computers have 2 NICs - one tied to vswitch0, and the other to vswitch1. All the port group connections shown in the picture are defined in vswitch1.

> You would be able to configure routing for each port on physical switch.

I do not configure any inter-VLAN routing commands on the physical switch - I only enable "tagging" (HP ProCurve speak) for the ports that connect the VM HOST 1 & 2 (2nd NICs).

Can you provide any kind of troubleshooting commands (be as detailed as possible) ?

Thank you!

ashwin_prakash
VMware Employee

Below are a few KBs which would help you troubleshoot the VM network.

VMware Knowledge Base

VMware Knowledge Base

https://virtualdatacave.com/2015/07/test-host-networking-for-many-hosts-and-port-groups-vlans/

You could even configure the physical switch without any VLAN on a particular port, connect these host NICs to these ports, and change the configuration on the host to test.

When you use the ping command, the host uses the management NIC 0 to test. It would not use any specific port.

Sincerely,
Ashwin Prakash
Skyline Support Moderator
LumH
Enthusiast

Prakash...

you hit it on the head... It was a rookie mistake... I didn't create the VLAN 701 definition on the physical switch...

And that's why it worked when vyos-2 was moved to VM HOST 1 - the networking was all internal and never makes it to the physical network.

u da man!

Thanks so much!
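
The root cause found in this thread, a VLAN tagged on ESXi port groups but never defined on the physical switch, can be checked mechanically. The following is an added example and not part of the original thread: it parses the output of `esxcli network vswitch standard portgroup list` and compares it with the VLANs tagged on each host's switch port. The sample output, port-group names, host names and switch-side VLAN sets are constructed for illustration.

```python
# Constructed sample of `esxcli network vswitch standard portgroup list`.
# Port-group names are hypothetical; VLAN IDs follow the thread.
ESXCLI_SAMPLE = """\
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
VLAN100 LAN         vSwitch1                     2      100
VLAN200 LAN         vSwitch1                     2      200
VLAN700 Common      vSwitch1                     0      700
VLAN701 WAN         vSwitch1                     1      701
"""

# Constructed: VLANs tagged on the switch port facing each host's second NIC.
# VLAN 701 is absent, as it was in the thread.
UPLINK_VLANS = {"host1": {100, 200, 700}, "host2": {100, 200, 700}}


def parse_portgroups(text, vswitch="vSwitch1"):
    """Return {port group name: VLAN ID} for one standard vSwitch."""
    groups = {}
    for line in text.splitlines()[2:]:  # skip header and dashed rule
        if not line.strip():
            continue
        # Port-group names may contain spaces, so split from the right.
        name, vsw, _clients, vlan = line.rsplit(None, 3)
        if vsw == vswitch:
            groups[name.strip()] = int(vlan)
    return groups


def missing_vlans(portgroups, tagged_on_uplink):
    """Port groups whose VLAN tag the physical switch port does not carry.
    VLAN 0 (untagged) and 4095 (guest tagging) are skipped."""
    return {n: v for n, v in portgroups.items()
            if v not in (0, 4095) and v not in tagged_on_uplink}


def l2_path_ok(vlan, host_a, host_b, uplink_vlans):
    """Can two VMs in the same VLAN exchange frames?"""
    if host_a == host_b:
        return True  # switched inside the vSwitch, never reaches the wire
    return all(vlan in uplink_vlans[h] for h in (host_a, host_b))


if __name__ == "__main__":
    pgs = parse_portgroups(ESXCLI_SAMPLE)
    print("missing on switch:", missing_vlans(pgs, UPLINK_VLANS["host2"]))
    print("701 host1<->host2:", l2_path_ok(701, "host1", "host2", UPLINK_VLANS))
    print("701 same host:    ", l2_path_ok(701, "host1", "host1", UPLINK_VLANS))
```

The same-host case returning true while the cross-host case fails reproduces the symptom described above: connectivity that works only when both VMs share a host points at the physical switch, not at the router or NAT configuration.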