Re: Strange Network Problem (I Think)

sstremmel · ‎08-24-2009

I have a question pertaining to Guest OS's in ESXi 4. I am having trouble getting them to be seen outside of the rack that they are in.

Please see the images attached for clarification...

The image ESXi_Cluster_Net.png shows the physical layout of the rack.

I re-purposed one of our nodes in a cluster as the ESXi 4 host and physically hooked the network cable from the Campus switch to the eth0 and configured eth1 to access cluster switch 1.

I gave the ESXi Host a campus IP address and tested it. I can ping it from my office in another building and connect via the vSphere client there.

I installed 2 Guest OS's (both CentOS 5 x64), configured them with 2 NIC's and gave a campus IP to each VM's eth0 and a cluster IP to each VM's eth1.

The vSphere configuration of the network looks like the image ESXi_VM_Net_Config_Show02.png below.

With these configurations I can ping the host IP from my office but not the Guest OS IP's, but I can access them after I ssh to the Head node (which has 3 NIC's, one for each cluster IP and one for the campus IP; see image).

I can ssh to the Guest OS's from the Head node. Once logged into either Guest OS I can ping any system in the cluster rack and any system within the room by IP address, but nothing outside of the room.

Could the Cisco switch the Host is attached to be blocking the Guest OS's attempts to ping/ssh/etc...? I don't have ownership of the campus switch so I would have to go through our network services group to look into that.

Or is it something that I am missing in the Hosts configuration that is blocking the Guest OS VM's network traffic?

I appreciate any help I can get with this. I thought that I was ready to roll these VM's out, but I can't until I get this problem solved.

rolohm · ‎08-25-2009

It looks as if your Guest OS VMs don't have correctly set up default gateways. The default gateways of the Guest OS VMs need to be the default gateway of 128.249.x.x network. Same default gateway as the ESX4i host sees.

/R

bulletprooffool · ‎08-25-2009

I am with rob on this, though I'd say we need a copy of the ipconfig for one of the VMs to confirm, along with an idea of what you DGs etc are.

If you take ESX out of the equation (patch the lead into your desktop and give it the same IP config as the VMs) can you get everywhere on the network that you are trying to?

One day I will virtualise myself . . .

J1mbo · ‎08-25-2009

It does look like incorrect gateway addresses, or some kind of MAC address based port security applied to the switches (which seems unlikely).

sstremmel · ‎08-25-2009

The default route should be correct but I'll check it.

The update to this is that the Guest OS's can see any of the systems in the server room that it resides in, but nothing outside of that room. Basically, it seems that if the ping (or ssh, etc...) doesn't have to enter the Campus switch it can communicate with other systems outside of the cluster rack. If it tries to get to a system on the OTHER side of the Campus switch it gets nothing. So I'm thinking that it may be the Campus switch (a Cisco) itself blocking the traffic from the Guest OS's NIC's somehow.

J1mbo · ‎08-25-2009

Is there any special port config on the switch - dot1q etc?

Max0656 · ‎08-25-2009

What OS are you using on your VM guests, Windows 2003? I have seen many strange issues with IPSec since the default exclusions changed from Windows 2000 Server, so if you are not utilizing it then disable and reboot. Look in the eventlog for event ID 4294 and/or 4292 to confirm. But I think to look beyond that we need to ensure as previously discussed that your configured gateway is working properly and a screen capture of an 'ipconfig /all' should be provided from the guest OS. Good luck.

-Max

sstremmel · ‎08-25-2009

UPDATE: It was the default route with a little Campus (Cisco) switch hinkyness thrown in. It works now. Thanks for the hints.

All

Strange Network Problem (I Think)