VMware Cloud Community
dbeermat
Contributor
Contributor
‎11-17-2010 06:29 PM
Jump to solution

difference between ping and vmkping command in esxi 4.1 hosts

Hi

I am having trouble in grasping the vmkping command and the ping command when used in virtualization,within esxi hosts but correct me if i am wrong in my assumption

1. the vmkernel which is the microcode if you like of the vsphere suite which handles all communications between the physical host and the guest host, it is the hypervisor if you like,correct?

2. the vmkernel has its own virtual ip stack which handles all vmotion,iscsi and fibre storage traffic, correct?

3. lets say i have two esxi hosts (esx1 and 2) using two uplink nic adapters where vmnic0 on both esxi hosts are the virtual machine port groups and vmnic 1 is used for the vmkernel port on esi 1 and 2.

the standard ping command will ping the vmkernel ip addresses on both esxi hosts but it would not be using the vmkernels internal ip stack to verify communication between the the two vmkernel uplink ports, instead it is using the phyisical hosts tcp/ip stack to resolve the ip addresses connectivity and would only verify communication from each up link port.

using vmkping command, one dials into esx1 host using putty for example and issues the vmkping command to ESX2 from within the esx1 host which uses its own vmkernel tcp/ip stack to achieve a connection from esx2, so in effect the ping is travelling from the vmkernel port of esx1 directly to the uplink port of esx2 and back again verifying storage connectivity,correct

apologies if i have not explained it better but if you need any more clarification about my question let me know,

thak you.

1 Solution

Accepted Solutions
ThompsG
Virtuoso
Virtuoso
‎11-17-2010 08:03 PM
Jump to solution

Hi there,

Yes you are correct. The VMkernel is the hypervisor - the thing that makes the magic of virtualisation work.

The VMkernel has an IP stack in order to do the things you have mentioned: vMotion, iSCSI, NFS, etc which only exist as interfaces on the VMkernel. Often, but not always, these IP addresses are not accessable outside the VMkernel. For example if you are running a dedicated isolated network for these services. Basically by issuing a vmkping you are issuing a ping from the VMkernel interface to another interface, not necessarily another VMkernel interface.

Contrast this with ping which is just issued from the Service Console interface.

If we look at a simple ESX build - two hosts (ESXA and ESXB) with two network adapters (vmnic0 and vmnic1). On both ESXA and B we have the Service Console running from vmnic0 with the pNics connected to a switch. We are running a cross over cable between the hosts connected to vmnic1 and have this configured for vMotion. In this scenario if you issue a ping from either host you will be able to a response from the Service Console IP and other devices on the same subnet connected to the switch. However if you ping the vMotion address you will not as this is on a different unreachable network - in steps vmkping.

Trust this helps.

View solution in original post

3 Replies
idle-jam
Immortal
Immortal
‎11-17-2010 06:36 PM
Jump to solution

Yes, vmkping will be used to pint vmkernel ip address and vmotion ip address for troubleshooting. says vmotion error


iDLE-jAM | VCP 2, VCP 3 & VCP 4

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

0 Kudos
ThompsG
Virtuoso
Virtuoso
‎11-17-2010 08:03 PM
Jump to solution

Hi there,

Yes you are correct. The VMkernel is the hypervisor - the thing that makes the magic of virtualisation work.

The VMkernel has an IP stack in order to do the things you have mentioned: vMotion, iSCSI, NFS, etc which only exist as interfaces on the VMkernel. Often, but not always, these IP addresses are not accessable outside the VMkernel. For example if you are running a dedicated isolated network for these services. Basically by issuing a vmkping you are issuing a ping from the VMkernel interface to another interface, not necessarily another VMkernel interface.

Contrast this with ping which is just issued from the Service Console interface.

If we look at a simple ESX build - two hosts (ESXA and ESXB) with two network adapters (vmnic0 and vmnic1). On both ESXA and B we have the Service Console running from vmnic0 with the pNics connected to a switch. We are running a cross over cable between the hosts connected to vmnic1 and have this configured for vMotion. In this scenario if you issue a ping from either host you will be able to a response from the Service Console IP and other devices on the same subnet connected to the switch. However if you ping the vMotion address you will not as this is on a different unreachable network - in steps vmkping.

Trust this helps.

kwg66
Hot Shot
Hot Shot
‎06-25-2021 09:03 AM
Jump to solution

Hi ThompsG - Network group says they didn't isolate the vmotion network and that it should be reached via ICMP.

However, from my workstation, or any other server on a different network,  I can't ping the vmotion IP of a host, but when I'm on the SSH session of another vSphere host, not on the vmotion network but on its own mgmt network, I can ping the vmotion IP using standard ping.   

 

Can you explain this behavior?     Has VMWare updated its hypervisor to add a security features I'm unaware of?    I fully understand vmkping is used when the vmotion network is isolated, but why is it that I can't ping vmotion IP from non vmware hosts when its NOT isolated?   

 

 

0 Kudos