I have two VMs in Azure with different public IPs:

10.10.1.9
10.10.1.6

When I do a telnet with the following command from the server 10.10.1.6, I get an error:

telnet 10.10.1.9 2181
Trying 10.10.1.9...
telnet: connect to address 10.10.1.9: No route to host

When I do a tcpdump on the 10.10.1.9 side, I get the following log:

#tcpdump -i eth0 port 2181
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
07:55:35.530270 IP 10.10.1.6.55910 > 10.10.1.9.eforward: Flags [S], seq 1018543857, win 14600, options [mss 1418,sackOK,TS val 181360935 ecr 0,nop,wscale 7], length 0

At the same time, I also do a tcpdump on the 10.10.1.6 side while I do a telnet from 10.10.1.6 to 10.10.1.9:

tcpdump -i eth0 port 2181
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
07:55:57.970696 IP 10.10.1.6.55910 > 10.10.1.9.eforward: Flags [S], seq 1018543857, win 14600, options [mss 1460,sackOK,TS val 181360935 ecr 0,nop,wscale 7], length 0

**tcpdump on 10.10.1.9 with arp**

#tcpdump -i eth0 port 2181 or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:00:18.356153 IP 10.10.1.6.55944 > 10.10.1.9.eforward: Flags [S], seq 3337054296, win 14600, options [mss 1418,sackOK,TS val 181643770 ecr 0,nop,wscale 7], length 0
08:00:42.294801 ARP, Request who-has 10.10.1.6 tell 10.10.1.9, length 28
08:00:42.295859 ARP, Reply 10.10.1.6 is-at 12:34:56:78:9a:bc (oui Unknown), length 28

tcpdump on 10.10.1.6

tcpdump -i eth0 port 2181 or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:00:40.805565 IP 10.10.1.6.55944 > 10.10.1.9.eforward: Flags [S], seq 3337054296, win 14600, options [mss 1460,sackOK,TS val 181643770 ecr 0,nop,wscale 7], length 0
08:00:45.805204 ARP, Request who-has 10.10.1.9 tell 10.10.1.6, length 28
08:00:45.805721 ARP, Reply 10.10.1.9 is-at 12:34:56:78:9a:bc (oui Unknown), length 28
08:02:04.752283 ARP, Request who-has 10.10.1.9 tell 10.10.1.6, length 28
08:02:04.753141 ARP, Reply 10.10.1.9 is-at 12:34:56:78:9a:bc (oui Unknown), length 28

Sequence of run: First I ran tcpdump on both 10.10.1.9 and 10.10.1.10 and then tried doing telnet from 10.10.1.10.

arp -a on 10.10.1.9

#arp -a
? (10.10.1.7) at 12:34:56:78:9a:bc [ether] on eth0
? (10.10.1.4) at 12:34:56:78:9a:bc [ether] on eth0
? (10.10.1.1) at 12:34:56:78:9a:bc [ether] on eth0
? (10.10.1.8) at 12:34:56:78:9a:bc [ether] on eth0
? (10.10.1.10) at <incomplete> on eth0
? (10.10.1.11) at 12:34:56:78:9a:bc [ether] on eth0
? (10.10.1.6) at 12:34:56:78:9a:bc [ether] on eth0
? (10.10.1.5) at 12:34:56:78:9a:bc [ether] on eth0

arp -a on 10.10.1.6

#arp -a
? (10.10.1.1) at 12:34:56:78:9a:bc [ether] on eth0
? (10.10.1.10) at <incomplete> on eth0
? (10.10.1.9) at 12:34:56:78:9a:bc [ether] on eth0

Thanks in advance.

peterh
Nilotpal

1 Answer

The tcpdump in 10.10.1.9 says that it received a packet from 10.10.1.10. but could not reply back...as a result we get "No route to host" on 10.10.1.10 side.

You should get "No route to host" if there is, in fact, no route from 10.10.1.10 to 10.10.1.9, not just because a packet sent from 10.10.1.10 to 10.10.1.9 didn't get a reply. I.e., you should only get "No route to host" if 10.10.1.10 couldn't send a packet to 10.10.1.9 in the first place!

Now, perhaps the OS running on 10.10.1.10 is being stupid and returning EHOSTUNREACH ("No route to host") rather than, for example, ETIMEDOUT ("Operation timed out") if it never gets a SYN+ACK back from the initial SYN.

Or perhaps there was a route from 10.10.1.10 to 10.10.1.9 during the time the

23:46:30.003480 IP 10.10.1.10.42946 > 10.10.1.9.eforward: Flags [S], seq 2823099523, win 14600, options [mss 1418,sackOK,TS val 74982205 ecr 0,nop,wscale 7], length 0

packet was sent, but 10.10.1.9 wasn't able to, or decided not to, respond to that initial SYN with a SYN+ACK, and when 10.10.1.10 retransmitted the SYN, it was no longer able to send packets to 10.10.1.9, and reported "No route to host".

If this is reproducible, I would suggest running tcpdump on both hosts, to see more details as to what happened. I would suggest running a command such as

tcpdump -i eth0 port 2181 or arp

so that, for example, if the problem is that the ARP entry for the other host timed out on one of the hosts, and a subsequent attempt to re-ARP for the other host's MAC address failed, that will show up. (I'm assuming here that there's no router in between 10.10.1.10 and 10.10.1.9, so that "No route to host" really means "No ARP entry for host".)

(Another possibility is that there's some sort of "packet filter"/firewall in place on one or the other host, handling some ports differently from others, so that connecting to port 22 is possible but connecting to port 2181 isn't possible.)

  • I ran the command: 04:28:32.354804 ARP, Request who-has 10.10.1.10 tell 10.10.1.9, length 28 04:28:32.355507 ARP, Reply 10.10.1.10 is-at 12:34:56:78:9a:bc (oui Unknown), length 28 ... I am able to get an ARP reply from both 10.10.1.9 and 10.10.1.10 – Nilotpal May 24 '16 at 08:38
  • So, if you're running that tcpdump command on *both* machines, what gets shown on 10.10.1.10 when the telnet fails? (Presumably the tcpdump command on both hosts is still running at that point, and you've shown all the output it produced.) –  May 24 '16 at 09:02
  • On machine 10.10.1.10 .... #tcpdump -i eth0 arp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 04:32:49.721119 ARP, Request who-has 10.10.1.10 tell 10.10.1.10, length 28 04:32:49.722099 ARP, Reply 10.10.1.10 is-at 12:34:56:78:9a:bc (oui Unknown), length 28 – Nilotpal May 24 '16 at 09:39
  • The server is new and there is no packet filtering / firewall at all!! I need urgent help as I find no way at all!!! – Nilotpal May 24 '16 at 16:41
  • Run `tcpdump -i eth0 port 2181 or arp`, not just `tcpdump -i eth0 arp` on both machines, when you try to telnet from 10.10.1.10 to 10.10.1.9. –  May 24 '16 at 17:17
  • @Harris: I updated my post with the outputs you wanted!! – Nilotpal May 25 '16 at 05:24
  • Does the machine at 10.10.1.10 have more than one network interface? The tcpdump on 10.10.1.10 is not printing any ARP requests for 10.10.1.9 that request that the ARP *reply* be sent to 10.10.1.10, and it's not printing any TCP packets from 10.10.1.10 to 10.10.1.9. Is 10.10.1.6 a different machine from both 10.10.1.10? What does the command `arp -a` print on 10.10.1.10? –  May 25 '16 at 09:48
  • Edited the post with the arp output. Actually we removed the 10.10.1.10 VM and created a new VM, 10.10.1.6, yesterday. 10.10.1.6 was created from the image of 10.10.1.10 in Azure. Also, these machines have different public IP addresses. As of now in the post I have written 10.10.1.10 to avoid confusion, but after this, I shall be saying 10.10.1.6!! – Nilotpal May 25 '16 at 10:11
  • OK, so redo *all* the tests, now with 10.10.1.6 trying to Telnet to 10.10.1.9 port 2181, with tcpdump running on 10.10.1.6 and 10.10.1.9 while you're trying to do the Telnet, and post the output of both commands. –  May 25 '16 at 19:39
  • Hey Harris!! I have updated my entire post. Can you have a look at it!! – Nilotpal May 26 '16 at 12:08
  • OK, it looks as if, for whatever reason, 10.10.1.6 isn't sending a SYN+ACK back to 10.10.1.9 in response to the initial SYN. ARP seems to be working. You may have to ask whoever set the VMs up to help you, or get help from Microsoft, as there's something extremely odd happening here. –  May 26 '16 at 20:04
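
The two-sided capture comparison suggested in the answer can be automated. The following is an added example, not code from the question or the answer: it matches each SYN in the client capture to the server capture by sequence number (the clocks on the two hosts differ, so timestamps cannot be used) and reports where the handshake stops. The function names and verdict strings are assumptions of this example; the capture lines are copied from the question.

```python
import re

# tcpdump's default one-line TCP and ARP summaries, as in the captures above.
TCP_RE = re.compile(r"IP ([\d.]+)\.(\S+) > ([\d.]+)\.(\S+): Flags \[([^\]]+)\], seq (\d+)")
ARP_RE = re.compile(r"ARP, (Request who-has|Reply) (\S+) ")

# Lines copied from the question: server is 10.10.1.9, client is 10.10.1.6.
SERVER_CAPTURE = """\
08:00:18.356153 IP 10.10.1.6.55944 > 10.10.1.9.eforward: Flags [S], seq 3337054296, win 14600, options [mss 1418,sackOK,TS val 181643770 ecr 0,nop,wscale 7], length 0
"""
CLIENT_CAPTURE = """\
08:00:40.805565 IP 10.10.1.6.55944 > 10.10.1.9.eforward: Flags [S], seq 3337054296, win 14600, options [mss 1460,sackOK,TS val 181643770 ecr 0,nop,wscale 7], length 0
08:00:45.805204 ARP, Request who-has 10.10.1.9 tell 10.10.1.6, length 28
08:00:45.805721 ARP, Reply 10.10.1.9 is-at 12:34:56:78:9a:bc (oui Unknown), length 28
"""

def parse(capture):
    """Collect SYNs, SYN+ACKs and ARP requests/replies from tcpdump text."""
    seen = {"syn": set(), "synack": set(), "arp_req": set(), "arp_rep": set()}
    for line in capture.splitlines():
        if m := TCP_RE.search(line):
            src, sport, dst, dport, flags, seq = m.groups()
            if flags == "S":     # initial SYN; keyed on seq, not on timestamps
                seen["syn"].add((src, sport, dst, dport, seq))
            elif flags == "S.":  # SYN+ACK from the listener
                seen["synack"].add((src, sport, dst, dport))
        elif m := ARP_RE.search(line):
            kind = "arp_rep" if m.group(1) == "Reply" else "arp_req"
            seen[kind].add(m.group(2))
    return seen

def diagnose(client_capture, server_capture):
    """Return (syn, verdict) for every SYN in the client-side capture."""
    c, s = parse(client_capture), parse(server_capture)
    out = []
    for syn in sorted(c["syn"]):
        src, sport, dst, dport, _seq = syn
        back = (dst, dport, src, sport)  # the 4-tuple a SYN+ACK would carry
        checks = [
            (dst in c["arp_req"] - c["arp_rep"], "client ARP for server unanswered"),
            (syn not in s["syn"], "SYN never reached server"),
            (back not in s["synack"], "server saw SYN, sent no SYN+ACK"),
            (back not in c["synack"], "SYN+ACK lost on return path"),
            (True, "handshake answered")]
        out.append((syn, next(v for hit, v in checks if hit)))
    return out

if __name__ == "__main__":
    print(diagnose(CLIENT_CAPTURE, SERVER_CAPTURE))
```

The filter `port 2181 or arp` does not match ICMP, so an ICMP unreachable message sent in place of a SYN+ACK would not appear in these captures; adding `or icmp` to the filter shows it.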