I have two virtual machines, 10.1.1.10 and 10.1.1.20, on an ESX host. I am trying to access these machines from another network, 192.168.1.0/24.

The problem is that when I can ping one machine, I cannot ping the other one. And conversely.

Me -> A : Yes

Me -> B : No

and

Me -> A : No

Me -> B : Yes

The machines have different IP addresses and different MAC addresses.

I cannot understand what is happening here.

Note: When a machine cannot be pinged, it cannot ping its gateway.

Note 2: When a machine cannot be pinged, I cannot see any traffic coming in with tcpdump.

Note 3: Everything is right regarding the firewalls between my networks.

Could you please help me?

fallais
  • These are two separate VMs, you are sure? What OS? How are you "accessing the machines". What NIC driver is used? –  Apr 18 '13 at 15:22
  • Your title says "MAC conflict" but then your description says that there isn't one. Which statement is accurate? – MDMarra Apr 18 '13 at 15:23
  • Because I think that this is a MAC conflict but I'm really not sure of that. These are two separate VMs for sure. 2008R2 and Debian. When I say access I mean ping. – fallais Apr 18 '13 at 15:42
  • Where are you getting the idea of a MAC address conflict from? Have you checked the mac addresses on the guest OS and ESXi? Remember that the machines on the 192.168 network will only see the router MAC. – Dan Apr 18 '13 at 15:45
  • P.S., it sounds to me like you're diagnosing this the wrong way round. If a machine cannot ping its default gateway then you're NEVER going to be able to speak to it from a different network. The issues are all on the 10.1 side and you need to figure out what's happening between the guest and the gateway. – Dan Apr 18 '13 at 15:46
  • I have checked the MAC addresses on my OSs, they are different. They reply to an arp-request with their MAC addresses. What I think is that there is a virtual switch that hides my VMs behind a unique MAC address. Then the first VM that replies to an arp-request catches all the traffic. But this case never happened before. – fallais Apr 18 '13 at 15:49
  • @Elwyn Switches don't work like that, virtual or otherwise. Why are you obsessed with the mac address - it sounds like you have a network configuration issue – Dan Apr 18 '13 at 15:52
  • Fine, what do you advise me to check at layer 3? The question is, why can't I ping A when I ping B? – fallais Apr 18 '13 at 16:00
  • @Elwyn Provide more detail about your network infrastructure on the 10.1 side. Virtual and physical – Dan Apr 18 '13 at 16:03
  • The network is 10.1.1.0/26, the gateway is 10.1.1.1. The gateway is a Check Point firewall. Physically, the VMs are in a VLAN X that comes to the ESX by a trunk (for every VLAN) – fallais Apr 18 '13 at 16:10
  • It may be a MAC address problem, but not in the way that you think. It sounds like your gateway firewall and possibly your physical switch are losing the MAC address entry for the VMs. I would take a look at the MAC address table in the switch and the ARP cache in the firewall. – joeqwerty Apr 18 '13 at 16:14
  • I will take a look at this, yes. But I really do not understand why I can ping A without pinging B. It makes no sense to me – fallais Apr 18 '13 at 16:24
  • Can you do arp -a on the two VMs and your machine? Each host should have the other host's MAC address. If not, then check your subnet mask. Remember, when you ping a host, the first thing that goes around is the ARP request to acquire the MAC address; the ARP request is successful if the devices are on the SAME NETWORK based on the subnet, otherwise, your router will send that ping packet to the default gateway and it is gone. – Nikolas Sakic Apr 19 '13 at 04:00
  • Also, another incident that happened to me last weekend was that I could not ping a device that I know was on the same network as my machine. I updated my router firmware, then it started to work. I could ping and scp as I wanted to. – Nikolas Sakic Apr 19 '13 at 04:02

1 Answer

Problem was port-security. Only one MAC address was allowed to use the port. Set to more than one.

fallais
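
The symptom in this thread, reproduced with a small model of a switch port that limits the number of learned source MAC addresses. This is an added example, not code from the original post. The silent drop on violation, the 60-second inactivity aging, the class and function names, and the MAC addresses are assumptions chosen to show why the two VMs alternate.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Hypothetical model of a switch port with a cap on learned source MACs."""
    maximum: int                 # secure MAC addresses allowed on the port
    aging: float                 # seconds of silence before an entry expires (assumed)
    learned: dict = field(default_factory=dict)   # MAC -> time last seen
    violations: int = 0          # the counter a defender would check on the switch

    def ingress(self, now: float, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded, False if dropped."""
        # Forget entries that have been silent for longer than the aging time.
        self.learned = {m: t for m, t in self.learned.items()
                        if now - t < self.aging}
        if src_mac in self.learned or len(self.learned) < self.maximum:
            self.learned[src_mac] = now
            return True
        self.violations += 1     # over the limit: the frame never leaves the port
        return False


# Constructed sample data: two VMs behind the same physical switch port.
VM_A = "00:50:56:00:00:0a"
VM_B = "00:50:56:00:00:14"
TIMELINE = [(0, VM_A), (1, VM_B), (2, VM_A), (3, VM_B),
            (70, VM_B), (71, VM_A), (72, VM_B)]   # (seconds, sender)


def replay(maximum: int, aging: float = 60.0):
    """Replay the timeline; return per-frame results and the violation count."""
    port = SecurePort(maximum, aging)
    results = [(t, "A" if mac == VM_A else "B", port.ingress(t, mac))
               for t, mac in TIMELINE]
    return results, port.violations


if __name__ == "__main__":
    for limit in (1, 2):
        frames, violations = replay(limit)
        print(f"maximum={limit} violations={violations}")
        for t, vm, ok in frames:
            print(f"  t={t:>2}s VM {vm}: {'forwarded' if ok else 'DROPPED'}")
```

With a limit of one, whichever VM is learned first owns the port until its entry ages out, and the other VM cannot even reach its gateway; a rising violation counter on the port is the indicator to look for.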