VMware Networking Community
MinaMF
Enthusiast
Enthusiast
‎01-03-2017 01:52 PM

migration vm

Hello community,

please need your help as i deployed NSX on two physical servers and  created two vms called DB-1 and DB-2 and connected to same logical switch which called DB-logical switch

the problem is  these two vms can connect (ping) each other if they were in the same physical server BUT when migrate one of them to the second physical server , they can't connect each other !

Note : i added the two physical server to the same VDS ( virtual Distributed Switch).

how can this issue solved or how to troubleshoot ?

11 Replies
rajeevsrikant
Expert
Expert
‎01-03-2017 06:20 PM

It should be related to the distributed port group NIC teaming configuration.

What is the current NIC teaming configuration.

Set the load balancing policy at distributed port group as Route based on IP hash.

0 Kudos
bayupw
Leadership
Leadership
‎01-03-2017 07:46 PM

What teaming policy do you use for the VTEP?

Make sure your uplink physical switches has been configured to minimum 1600 and matches the MTU in the VDS & VTEP/VXLAN configuraiton.

You can verify or test if VXLAN/VTEP is working properly.

To test VXLAN, you can do a logical switch ping from Networking & Security > Logical Switch > Logical Switch name > Monitor > Ping / Broadcast

63632_63632.PNGvxlanping.PNG

To test VTEP to VTEP vmkernel ping, use vmkping command as below:

    vmkping ++netstack=vxlan <vmknic IP> -d -s <packet size>

See this KB: Testing VMkernel network connectivity with the vmkping command (1003728) | VMware KB

To validate this, ping using MTU smaller than 1500 e.g. 1470 then try again using MTU higher than 1500 e.g. 1570.

If the ping works with the smaller (1470) size, but not 1570, then you have MTU issue in your physical switch.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
bayupw
Leadership
Leadership
‎01-03-2017 09:17 PM

Just to add on teaming policy configuration, normally the choice in teaming mode will be depend on simplicity, bandwidth requirement, and uplink physical switch configuration.

For simplicity, you can choose Fail Over (Explicit Failover Order) or SRC_ID (Route based on Originating Port) if you don't have specific bandwidth requirement

nsxnicteam.PNG

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
MinaMF
Enthusiast
Enthusiast
‎01-04-2017 02:02 AM

Thanks rajeevsrikant ,

but i have no idea about NIC teaming configuration .

could you please explain how to configure it .

Thanks,

Said

0 Kudos
rajeevsrikant
Expert
Expert
‎01-04-2017 05:12 AM

Attached is the screen shot for your reference.

Let me know what is your current settings regarding the teaming.

Preview file
56 KB
MinaMF
Enthusiast
Enthusiast
‎01-04-2017 06:36 AM

Failover also.

0 Kudos
bayupw
Leadership
Leadership
‎01-04-2017 10:46 AM

How about MTU configuration?

Have you double check MTU config on uplink physical switch?
Have you test the VXLAN & VTEP to VTEP vmkernel vmkping as per my reply earlier above?

Logical switch ping from Networking & Security > Logical Switch > Logical Switch name > Monitor > Ping / Broadcast

63632_63632.PNGvxlanping.PNG

To test VTEP to VTEP vmkernel ping, use vmkping command as below:

    vmkping ++netstack=vxlan <vmknic IP> -d -s <packet size>

See this KB: Testing VMkernel network connectivity with the vmkping command (1003728) | VMware KB

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
rajeevsrikant
Expert
Expert
‎01-04-2017 06:52 PM

How are the hosts connected to the physical switches.Are you using channel-group.

Trying changing the teaming settings to Route based on IP hash & check the connectivity status.

0 Kudos
MinaMF
Enthusiast
Enthusiast
‎01-05-2017 12:47 AM

Hi Bayo ,

that the test result output , what this mean ?

ping test.PNG

0 Kudos
bayupw
Leadership
Leadership
‎01-05-2017 02:16 AM

Try to do a VTEP vmkping from host 192.168.4.10 to 192.168.4.40

Check the VTEP vmkernel IP of both hosts, for example the VTEP is 192.168.5.10 & 192.168.5.40

SSH in to 192.168.4.10, do a vmkping using format in my previous reply as per KB: vmkping ++netstack=vxlan <vmknic IP> -d -s <packet size>

ping with MTU 1570: vmkping ++netstack=vxlan 192.168.6.40 -d -s 1570

ping with MTU 1470: vmkping ++netstack=vxlan 192.168.6.40 -d -s 1470


If the ping works with the smaller (1470) size, but not 1570, then you have MTU issue in your physical switch.

Check your physical switch make sure the MTU has been configured with minimum 1600 and match with your VXLAN/VDS configuration

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
MinaMF
Enthusiast
Enthusiast
‎01-09-2017 08:32 AM

HI Bayu,

physically i connect the first interface of physical servers to physical switch ( for managemet)

and connect the second interface of physical servers (which i assigned to uplink1 of VDS ) to each other by cable.

it this true connection ?

and when ssh to two physical hosts and run vmkping ++netstack=vxlan 192.168.4.19 -d -s 1600 from 192.168.4.40 , i can ping normally

but when run vmkping ++netstack=vxlan 192.168.4.20 -d -s 1600 from 192.168.4.10 , i can't ping and  get message "sendto() failed (Message too long)"

so i changed the packet size to 1400 and run command again "vmkping ++netstack=vxlan 192.168.4.20 -d -s 1400" ,and it can't ping at all


192.168.4.19 is the vtep ip of 192.168.4.10

192.168.4.20 is the vtep ip of 192.168.4.40


although i can ping to host ip normally with 1600 packet size !

from 192.168.4.10 to 192.168.4.40

so what is the prob. ?

and is my physical connection is true ?

0 Kudos