Strange forwarding anomaly with ESXi

shebang · ‎10-16-2009

I ran into a strange anomaly when running a virtual router, which we use for url/domain filtering, on our HA cluster. When a workstation from the internal network connects to a virtualserver which is on the same ESXi host as the virtual router, the connection fails! When I migrate de virtual router to another ESXi host everything works fine. See also the attached image. It seems that this problem only occurs with certain tcp ports, which are also ports ESXi uses (I tested 443 en 8095, both don't work!). Squid proxy traffic on port 3128 works fine. Did I forget something to configure? Or is this setup wrong (fyi: this works on xenserver)?

J1mbo · ‎10-16-2009

Looks like your vSwitches are not consistently applied (swapped in fact between hosts).

Please award points to any useful answer.

J1mbo · ‎10-16-2009

Also, the virtual router should only be run on ONE host.

Please award points to any useful answer.

shebang · ‎10-16-2009

The virtual router runs in fact on ONE host, but this can't be the same host as where the VM is located to which the workstation is connected.

shebang · ‎10-16-2009

Looks like your vSwitches are not consistently applied (swapped in fact between hosts).

What do you mean by that? The vSwitches are configured the same per host

J1mbo · ‎10-16-2009

Diagram shows "vSwitch1" and "vSwitch2" connections are reversed between hosts.

Please award points to any useful answer.

shebang · ‎10-16-2009

Diagram shows "vSwitch1" and "vSwitch2" connections are reversed between hosts.
Please award points to any useful answer.

Mea culpa! You're right, the vSwitches are accidentily swapped in the diagram, in the real situation it's ok.

shebang · ‎10-16-2009

Diagram shows "vSwitch1" and "vSwitch2" connections are reversed between hosts.

Please award points to any useful answer.

Mea culpa! You're right, the vSwitches are accidentily swapped in the diagram, in the real situation it's ok.

I updated the diagram

J1mbo · ‎10-16-2009

hmmm could we see the network pages from the two esx hosts?

Please award points to any useful answer.

shebang · ‎10-16-2009

hmmm could we see the network pages from the two esx hosts?

Please award points to any useful answer.

I attached the networking configurations of the two hosts. The virtual router is SRV-LCB01 (vSwitch names are different from the diagram, but the principal remains the same). As you can see SRV-LCB01 is switched off at the moment (runs at xenserver now). SRV-LCB15 is the virtual machine it conflicts with.

shebang · ‎10-16-2009

I ran into a strange anomaly when running a virtual router, which we use for url/domain filtering, on our HA cluster. When a workstation from the internal network connects to a virtualserver which is on the same ESXi host as the virtual router, the connection fails! When I migrate de virtual router to another ESXi host everything works fine. See also the attached image. It seems that this problem only occurs with certain tcp ports, which are also ports ESXi uses (I tested 443 en 8095, both don't work!). Squid proxy traffic on port 3128 works fine. Did I forget something to configure? Or is this setup wrong (fyi: this works on xenserver)?

This problem occurs only when packets are forwarded (by a virtual router) from one vSwitch to another. When I hook up a (virtual) workstation to the same vSwitch the virtualserver is connected to and I connect the virtualserver from the virtual workstation, everything works fine!

All

Strange forwarding anomaly with ESXi