Enthusiast

Can't ping between VXLANs

Hi all, I have the following setup:

Host1

VM1 VXLAN 5001 172.16.10.11

VM5 VXLAN 5002 172.16.20.12

Host2

VM2 VXLAN 5001 172.16.10.12

VM3 VXLAN 5002 172.16.20.11

VM4 VXLAN 5003 172.16.30.11

DLR-1

LIF - VXLAN 5001 172.16.10.1

LIF - VXLAN 5002 172.16.20.1

LIF - VXLAN 5003 172.16.30.1

All VMs can ping their default gateway (.1), and all VMs can ping other VMs in the same VXLAN even across hosts, e.g. VM1 and VM3. However, no VM can ping another VM in a different VXLAN, even on the same host, e.g. VM1 to VM5. When I log on to the DLR CLI I can ping all the .1 addresses but can't ping the VMs. Firewalls have no deny/reject rules. Anybody have any idea why this isn't working?

0 Kudos
3 Replies
VMware Employee

Please make sure that all these logical switches are connected to the same global transport zone.

Then check the controller status:

show control-cluster startup-nodes

Also check if controllers have NTP and DNS configured

# show network ntp-servers
# show network ntp-status

Also, can you please check the gateway for the VXLAN on each host and make sure it is configured? This is separate from the TCP/IP segment default gateway.

You can also use the following commands for troubleshooting, to make sure ARP and MAC addresses are passed along:

show control-cluster logical-switches vtep-table 5001

show control-cluster logical-switches vtep-table 5002

show control-cluster logical-switches vtep-table 5003

show control-cluster logical-switches mac-table 5001

Thanks

Azhar

0 Kudos
Enthusiast

Log in to the Controller.

At the command prompt, run the following commands and review the command output.

show control-cluster logical-switches vtep-table 5001

show control-cluster logical-switches mac-table 5001

show control-cluster logical-switches arp-table 5001

show control-cluster logical-switches vtep-table 5002

show control-cluster logical-switches mac-table 5002

show control-cluster logical-switches arp-table 5002

show control-cluster logical-switches vtep-table 5003

show control-cluster logical-switches mac-table 5003

show control-cluster logical-switches arp-table 5003

If the ARP table is empty, please check the interface IPs configured in the DLR.

0 Kudos
Contributor

I would agree with Azhar,

What is the configuration of your transport zone?

Go to vCenter --> Networking & Security --> Installation --> Logical Network Preparation

Check your transport zone status here. Does the transport zone include clusters containing all the hosts? Is the control plane mode set to Unicast?

Gaurav

0 Kudos