Stippi
Contributor

VM not available from the physical network

Hey everybody! I've got an interesting issue. I just started to install a new VM with the web client from a client on my physical network. This works so far. Now I want to configure this VM with the new IP address. From my client it is not reachable. Trying to ping the IP is not successful. When I try to ping this VM from another VM like my DC or Exchange, this is no problem. It seems there is an error with the network of the host. The VM is not able to connect to the internet either. Can't really explain to myself why. All other VMs are reachable and work fine.

Where should I have a look at to solve this problem? Does it belong to the host or to another component of my network?

Many thanks in advance for your help!

Kind regards

0 Kudos
29 Replies
hussainbte
Expert

The fact that the VM in question can be reached from your domain controller tells me there are no issues with the VM.

Do you have proper routes configured in the physical network allowing you to access the VM? ICMP allowed?

What network is that VM on?

Any other VM on the same N/W which works normally?

If you found my answers useful please consider marking them as Correct OR Helpful Regards, Hussain https://virtualcubes.wordpress.com/
0 Kudos
Jitu211003
Hot Shot

It looks like a NIC MAC address issue.

If you have any older record, check for any MAC address change of that VM.

Check the network policy if it is set to reject all.

Thanks

My blog, vmwarediary.com, vmwarediary.in

0 Kudos
SureshKumarMuth
Commander

Are you able to ping the gateway from inside the VM? If you are able to ping the DC or Exchange from the VM, maybe they are in the same network segment / VLAN, but you are not able to ping the client from the VM because they are in a different segment, which requires a gateway.

This is not an issue at VM level; you have to check if the new VM has proper IP settings (subnet mask and gateway). If you are sure they are proper, involve the network team to investigate.

Regards, Suresh https://vconnectit.wordpress.com/
0 Kudos
Stippi
Contributor

Hey hussainbte,

thanks for your answer!

Our network is built up pretty simply. Inside of our host, there is only one network, we don't work with VLANs and there are only 2 switches in our network.

There is no special configured route in our physical network for accessing the VM. ICMP should be allowed, never configured to disallow.

So, all of our VMs are working on the same network and all are working normally. I can ping them from any client. Only the new one not.

0 Kudos
Stippi
Contributor

Hey Jitu211003,

thanks for your answer!

I've changed the MAC address of that VM, with no result. Still not reachable.

The network policy was never touched, so it should not be rejected.

Kind regards

0 Kudos
Stippi
Contributor

Hey Sureshkumar M,

thanks for your answer! I am not able to ping the gateway from inside of the VM. But I am able to ping the DC from the VM. It's hilarious, can't explain to myself why. There is only one network configured inside the host and no special VLAN configuration. I used a fixed IP and subnet mask, and the correct gateway is also set. How can I test the network of my host? Are there some features built into ESXi?


Kind regards

0 Kudos
Stippi
Contributor

Another interesting issue:

I can't even reach the host directly. Only over the VM running in the host. I assume an issue with the physical switch. Or are there any other thoughts from you guys? Suggestions are really appreciated!

Kind regards

0 Kudos
hussainbte
Expert

What is your gateway.. is it a physical device or a NLB configured with virtual IP as gateway..?

0 Kudos
hussainbte
Expert

Are your ESXi Management network and VM production network on the same vLAN?

if you have console access to the ESXi.. please share the output of

esxcfg-vswitch -l

0 Kudos
Stippi
Contributor

My gateway is a physical device, it's a Cisco RV320. But the host is connected to a Cisco ESW-540-24P switch.

0 Kudos
Stippi
Contributor

Here is the output of esxcfg-vswitch -l:

esxcfg-vswitch -l
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         4082        13          128               1500    vmnic0,vmnic1

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VM Network            0        7           vmnic0,vmnic1
  Management Network    0        1           vmnic0,vmnic1

In my mind it is on the same vLAN. I can only access the shell of the ESXi from a VM, not from a physical client.

0 Kudos
hussainbte
Expert

So there are vLANs involved.

Could you also share the output of the command below?

vim-cmd hostsvc/net/query_networkhint

You can redirect that to a notepad.. this includes CDP info of your upstream switch if you have CDP enabled (so if you are not OK with sharing such details, don't do it).

From the output, if you see that vLAN 7 and vLAN 1 are allowed on both NICs, then there are no configuration issues from the vSphere side.

BTW, what is the native vLAN ID?

0 Kudos
Stippi
Contributor

There is a mistake in the output view, both uplinks are on vLAN ID 0, the used ports are 7 and 1. So the standard vLAN ID 0.

Here is the output of the command:

(vim.host.PhysicalNic.NetworkHint) [
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic0",
      subnet = (vim.host.PhysicalNic.NetworkHint.IpNetwork) [
         (vim.host.PhysicalNic.NetworkHint.IpNetwork) {
            vlanId = 0,
            ipSubnet = "192.168.1.1-192.168.1.254"
         }
      ],
      network = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) {
         cdpVersion = 2,
         timeout = 60,
         ttl = 136,
         samples = 29036,
         devId = "ESW-540-24P",
         address = "192.168.1.4",
         portId = "g20",
         deviceCapability = (vim.host.PhysicalNic.CdpDeviceCapability) {
            router = false,
            transparentBridge = false,
            sourceRouteBridge = false,
            networkSwitch = true,
            host = false,
            igmpEnabled = true,
            repeater = false
         },
         softwareVersion = "2.1.21",
         hardwarePlatform = "ESW-540-24P",
         ipPrefix = "0.0.0.0",
         ipPrefixLen = 0,
         vlan = 1,
         fullDuplex = true,
         mtu = 0,
         systemName = "",
         systemOID = "",
         mgmtAddr = "0.0.0.0",
         location = ""
      },
      lldpInfo = (vim.host.PhysicalNic.LldpInfo) null
   },
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic1",
      subnet = (vim.host.PhysicalNic.NetworkHint.IpNetwork) [
         (vim.host.PhysicalNic.NetworkHint.IpNetwork) {
            vlanId = 0,
            ipSubnet = "192.168.1.1-192.168.1.254"
         }
      ],
      network = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) {
         cdpVersion = 2,
         timeout = 60,
         ttl = 136,
         samples = 29036,
         devId = "ESW-540-24P",
         address = "192.168.1.4",
         portId = "g21",
         deviceCapability = (vim.host.PhysicalNic.CdpDeviceCapability) {
            router = false,
            transparentBridge = false,
            sourceRouteBridge = false,
            networkSwitch = true,
            host = false,
            igmpEnabled = true,
            repeater = false
         },
         softwareVersion = "2.1.21",
         hardwarePlatform = "ESW-540-24P",
         ipPrefix = "0.0.0.0",
         ipPrefixLen = 0,
         vlan = 1,
         fullDuplex = true,
         mtu = 0,
         systemName = "",
         systemOID = "",
         mgmtAddr = "0.0.0.0",
         location = ""
      },
      lldpInfo = (vim.host.PhysicalNic.LldpInfo) null
   },
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic2",
      subnet = <unset>,
      network = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) null,
      lldpInfo = (vim.host.PhysicalNic.LldpInfo) null
   },
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic3",
      subnet = <unset>,
      network = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) null,
      lldpInfo = (vim.host.PhysicalNic.LldpInfo) null
   }
]

0 Kudos
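
An added example, not part of any post in this thread: the `query_networkhint` output carries CDP details of the upstream switch, as the reply asking for it points out. This Python sketch runs over a constructed sample, blanks the identifying CDP fields before the output is shared, and extracts the per-uplink VLAN hints under discussion; the `SENSITIVE` list and the function names are assumptions.

```python
import re

# Constructed sample shaped like `vim-cmd hostsvc/net/query_networkhint` output
# (switch name and addresses are made up, not taken from the thread).
SAMPLE = '''(vim.host.PhysicalNic.NetworkHint) [
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic0",
      subnet = (vim.host.PhysicalNic.NetworkHint.IpNetwork) [
         (vim.host.PhysicalNic.NetworkHint.IpNetwork) {
            vlanId = 0,
            ipSubnet = "192.0.2.1-192.0.2.254"
         }
      ],
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) {
         devId = "SWITCH-A",
         address = "192.0.2.4",
         portId = "g20",
         vlan = 1,
      },
   },
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic2",
      subnet = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) null,
   }
]'''

# CDP fields that identify the upstream switch (assumed redaction list).
SENSITIVE = ("devId", "address", "portId", "softwareVersion",
             "hardwarePlatform", "systemName", "mgmtAddr", "location")

def redact(text):
    """Blank the quoted values of identifying CDP fields; VLAN hints stay."""
    pat = re.compile(r'^(\s*(?:%s)\s*=\s*)"[^"]*"' % "|".join(SENSITIVE), re.M)
    return pat.sub(r'\1"<redacted>"', text)

def summarize(text):
    """Map each vmnic to the VLAN IDs it observed and its CDP native VLAN."""
    result, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        dev = re.match(r'device = "(\w+)"', line)
        observed = re.match(r'vlanId = (\d+)', line)
        native = re.match(r'vlan = (\d+)', line)
        if dev:
            current = result.setdefault(
                dev.group(1), {"observed_vlans": [], "cdp_native_vlan": None})
        elif current is not None and observed:
            current["observed_vlans"].append(int(observed.group(1)))
        elif current is not None and native:
            current["cdp_native_vlan"] = int(native.group(1))
    return result
```

An uplink with no observed VLANs and no CDP native VLAN, like `vmnic2` in the sample, has no neighbour information at all, which is worth separating from an uplink whose VLAN hints disagree with the port group.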
hussainbte
Expert

Sorry.. it's still not clear for me..

If you have 2 separate vLAN tagging done on virtual switch side, then both the uplinks should allow both vLANs.

If you only have one vLAN then the uplinks need to allow that vLAN. If is required for that vLAN to be other than the native vLAN..

0 Kudos
Stippi
Contributor

Hey, sorry for my bad explanation..

We have only 1 vLAN, as you can see in the following output:

esxcfg-vswitch -l
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         4082        13          128               1500    vmnic0,vmnic1

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VM Network            0        7           vmnic0,vmnic1
  Management Network    0        1           vmnic0,vmnic1

How do I check, if the uplinks are allowed to that vLAN? In my mind, they already should be allowed to the native vLAN 0.

0 Kudos
hussainbte
Expert

Any particular reason why you are tagging the VMs with the native vLAN ID?

If you are saying your native vLAN ID is 0, it is not required for you to be doing virtual switch tagging for the same vLAN.

Take a look at this KB for reference:

VMware Knowledge Base

0 Kudos
Stippi
Contributor

Thanks for the KB link!

Why do you think I am tagging the VMs with the native vLAN ID? I think this is done by the host automatically, not by myself.

Just looked into the configuration of my Cisco switches, for all connected ports vLAN trunk is active. But still no success.

I can't even reach my gateway out of my host. It is hilarious, don't really know why! What else do I have to check?

0 Kudos
hussainbte
Expert

I see there are 7 ports in use by the VM Network portgroup.. can you confirm that the other 6 machines can ping the gateway and all communication for them is OK..?

0 Kudos
TomHowarth
Leadership

Are the Domain Controller and the Exchange server on the same subnet as the new host? If so, this would explain why you could ping those machines but not any other environment. I would first look at the default gateway on the VM.

Next I would look for shadow network devices on the VM and delete them if they are present.

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
0 Kudos