VM's cannot ping across network but the switch the VM's sit on can

higherho

So I'm bumping into an interesting issue. I will post more configs in a bit but below is my problem.

I have two hosts on a totally different network which is connected to a switch (SWITCH B lets call it) that is connected to the core switch (SWITCH A). Both switches are using RIPV2 to talk to each other. I can ping any network that is located on switch A from SWITCH B. But when I go inside the VM's I only can ping the networks inside switch B.

The por groups inside vSphere are assigned to the correct VLAN IDS. VLan 100 is tied to my production port group which has a default gateway of 172.3.4.1. The vlan on the switch has the default gateway tied to the vlan as well. VLAN 102 is my 3.1

thoughts?

TheNewITGuy

Where is the gateway for the VM's?

higherho

the VLAN on the hardware switch is configured with the IP (172.3.3.1) The VM's (linux distro) is configured to point to that DG. The access ports are setup as trunks and allowing VLAN 100 to 400 through the trunk.

santaowns

is the switch a layer 3 switch or a layer 2 switch, what switch is it? Has this worked in the past? if so what has changed since then? Are the VM networks set as bridged, nat or something else? can the switch ping both sides of the network? My initial guess is that the switch is not layer3 which would mean it cannot route even if it is the default gateway. In that case you would need a router. Second guess is that the vm network configuration or firewall is not allowing them to talk. Once we get more answers i am sure we can find you the correct solution.

santaowns

so if the switch has an ip of 172.3.3.1, then default gateway of 172.3.4.1 would be wrong. default gateway should be the ip of the switch IF it is layer 3.

santaowns

can u give us ip and subnet of each switch and both vms

higherho

santaowns wrote: »

so if the switch has an ip of 172.3.3.1, then default gateway of 172.3.4.1 would be wrong. default gateway should be the ip of the switch IF it is layer 3.

Let me correct my words. Their is no default gateway on the switch it self. All the vlans made on the switch have a IP tied to them. RIPV2 is enabled on the switch with a neighbor relationship to the core switch via a routed port from switch B to switch A. All traffic goes over this link when it wants to talk to the other switch. RIP sends all the networks from Switch A to switch B (I do a show ip route and they all appear) and visa versa. The fact that I can ping from switch to switch makes me think its down to the VM level. No firewalls blocking traffic and no NATing or bridging is going on.

Switch B has two vlans on it with an IP associated to them 172.3.3.1 and 172.3.4.1. From switch A I can ping these vlans but cannot ping the VMs themselves. I've explained in previous posts that both switches are layer 3 (can't route if they are not). The VM's are just assigned to port groups with the VLAN ID appropriate to the VLAN I created on the switch the VMs reside. The only thing I cannot ping is the VMs on switch B. My initial thoughts were that a configuration issue on the port groups is incorrect.

The two ports groups that are on the host can ping each other correctly (both networks 172.3.3.1 and 172.3.4.1). I will post some configs on Tuesday when I'm in.

santaowns

I understood you had a layer 3 but wanted to confirm. I had a similar problem and had to move my vms to a bridged network. Can you ping the hypervisor(ESXI) management IP from both switches? if so switching the network to bridged mode will solve your issue for sure.

higherho

I can ping the ESXi hosts (172.3.4.70 and 71) from both Switch A and B. The VM's btw are linux machines (RHEL 6)