Hello,
I have created a setup with 2 segments, Segment1 with subnet 192.168.1.1/24 and Segment2 with subnet 192.168.2.1/24. To each segment I have connected 2 VMs from 2 different servers. Ping within the segment but on different servers works; for example, machine1 192.168.1.100 can reach machine2 192.168.1.101. This is also true for Segment2: machine3 192.168.2.100 can reach machine3 192.168.2.101. I have created a Tier 1 gateway in order to send traffic from segment one to segment two. Let's say I want to ping from machine2 (192.168.1.101) to machine4 (192.168.2.101), and it does not work from my machines.
This is the configuration on my segments and Tier1:
Also, when I do a traffic analysis between machine2 and machine4, everything looks good: I get delivered and no errors.
I don't understand why traffic analysis shows everything as all right but I can't ping from machine2 to machine4.
Has someone encountered this issue before? Or has any idea how to solve this?
That's strange. Hope you configured gateways properly on the VMs and the VMs are not dropping ICMP on the OS firewall side.
Can you please move all these 4 VMs to one ESX host (just to rule out MTU issues) and use the TRACEFLOW tool to test PING traffic between VMs in different segments, and send the screenshot?
It works between different machines on the same segment, so it is not an issue between the servers. Even on the same machine but with different segments it does not work. The issue is with the routing, but I don't know what it is 😞
Have you checked Route Advertisement - that all connected segments are checked?
If this is what you are referring to, then yeah
Can you do a Traceflow (Select Plan & Troubleshoot > Traffic Analysis > Traceflow > Get Started.)
Select the VMs as source and destination and show the result.
Hi, have you tried to move all your VMs on the same server and verify if VMs of the Segment1 can reach VMs on the Segment2??
I did and from traceflow everything seems ok 😞
He writes that he can ping VMs in the same segment across servers, so the tunnels between the transport nodes should be OK.
Even if they are on the same server, if they are in different segments I can't reach them, but if the VMs are on different servers but the same segment they can communicate.
Yes, but from the VMs it does not work, from both sides.
Silly question, maybe a local firewall on the VM?
Can you reach all segment IPs from all VMs?
Looks to me like a routing problem on the VM, since the traffic works in the same segment.
From vm1 I can only reach its network 192.168.1.1, not the other network 192.168.2.1. I don't know of any firewall configured. How do I check on the VM?
What OS is it?
What is your default gateway?
I have Linux server 22.0.4 and it has two networks: a management one with 10.38.x.x, and the second interface is connected to the segment 192.168.1.101 (I added the IP to this interface)
Can you print the output of the route table from the VM?
You simply type route at the SSH session
I think that the default GW is set on the management network and not on the 192.168.1.101
try the following:
# ip route list
and post the outcomes.
If you have 2 interfaces, you should create a static route for the management and set the default gateway for the other adapter to the nsx segment.
ens33 is management and ens34 is the one connected to segment1
Your default gateway is on the wrong interface.
It's not an NSX problem.
Create a static route for your management on ens33 and the default route to the NSX segment on ens34.
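Added example, not part of the original thread: a small route lookup over a constructed `ip route list` output, showing why traffic for 192.168.2.101 leaves through ens33 while the default route sits on the management interface, and where it goes once the default route points at the Segment1 gateway on ens34. The 10.38.0.x addresses, the prefix lengths and the use of 192.168.1.1 as the segment gateway are assumptions; on the VM itself, `ip route get 192.168.2.101` gives the same answer from the live table.

```python
import ipaddress

# Constructed `ip route list` output. The 10.38.0.1 gateway, the 10.38.0.50
# source address and the /24 and /16 prefix lengths are assumptions.
BEFORE = """\
default via 10.38.0.1 dev ens33 proto static
10.38.0.0/24 dev ens33 proto kernel scope link src 10.38.0.50
192.168.1.0/24 dev ens34 proto kernel scope link src 192.168.1.101
"""

# Constructed table after the change suggested in the thread: a static route
# for management on ens33, and the default route via the segment on ens34.
AFTER = """\
default via 192.168.1.1 dev ens34 proto static
10.38.0.0/16 via 10.38.0.1 dev ens33 proto static
10.38.0.0/24 dev ens33 proto kernel scope link src 10.38.0.50
192.168.1.0/24 dev ens34 proto kernel scope link src 192.168.1.101
"""


def parse_routes(text):
    """Return a list of (network, gateway or None, device) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(prefix, strict=False)
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        routes.append((net, gw, tok[tok.index("dev") + 1]))
    return routes


def lookup(text, dest):
    """Longest-prefix match, the rule the kernel applies per destination."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in parse_routes(text) if addr in r[0]]
    if not matches:
        return None
    net, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    return {"dev": dev, "via": gw, "prefix": str(net)}


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, "192.168.2.101 ->", lookup(table, "192.168.2.101"))
```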