Vm can not ping default gateway

Version 1
    This document was generated from CDN thread

    Created by: Kshitij Purwar on 14-03-2012 03:41:57 AM
    Hi,
     
    i have sre-900 blade on 3945 router,everthing is working fine,but vm can not ping default gateway.
     
    Here is the configuration details
     
    interface GigabitEthernet0/1
     ip address 10.65.157.175 255.255.254.0
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/2
    no ip address
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/3
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface SM1/0
     ip unnumbered GigabitEthernet0/1
     service-module ip address 10.65.157.176 255.255.254.0
     !Application: VMware ESXi 5.0.0 build-474610 running on SRE
     service-module ip default-gateway 10.65.157.175
    !
    interface SM1/1
     description Internal switch interface connected to Service Module
     no ip address
    !
    interface Vlan1
     no ip address
     shutdown
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0 10.65.156.1
    ip route 10.65.157.176 255.255.255.255 SM1/0
    ip route 10.65.157.177 255.255.255.255 GigabitEthernet0/1

    Subject: RE: Vm can not ping default gateway
    Replied by: Anusha Kannappan on 14-03-2012 05:41:34 AM
    Hi Kshitij,

    Please configure the 'switchport mode trunk' under the 'interface SM1/1' and the 'interface Vlan1' should also be configured with a valid address.

    The above two configs are missing in your running config.

    BTW what is the address that is been confiured for the VM?

    Thanks,
    Anusha

    Subject: RE: New Message from Kshitij Purwar in Service Ready Engine Virtualization
    Replied by: Radhika Miriyala on 15-03-2012 12:53:58 PM
    Hi kshitij,

    By default the VM is in a VSwitch that requires you to configure Vlan 1. You can still have the vlan 1 on the same subnet as the router by using ip unnumbered for configuration for vlan. You would need to add the router for the VM and point that to vlan 1 once you do it.



    If you do not want to use VLAN than you have to change the VM to vsiwtch 0 (create a VM port group under vswitch 0 and move the VM here).



    Thanks,

    Radhika



    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 9:49 AM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Kshitij Purwar in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Kshitij Purwar has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    Hi Anusha,

    i can ping every address form my router and also esx can ping every address,but from vm i can not ping default address.

    VM ip is 10.65.157.177

    ip route for vm

    ip route 10.65.157.177 255.255.255.255 sm1/0

    i dont want vlan senario,i need all the things on the same subnet.

    esx is on vswitch0 and vm is on vswitch1,do i move to vm under vswitch0

    please help me.i am stuck.every day management ask me for RCA.

    Regards
    Kshitij
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5296699>

    or simply reply to this email.

    Subject: RE: New Message from Charlie Jones in Service Ready Engine Virtualization -
    Replied by: Radhika Miriyala on 15-03-2012 01:49:58 PM
    Hi Charlie,


    Vswitch 0 is connected to inter sm 1/0 and vswitch 1 is connected to interface sm 1/1 ( need to configure vlan ). If the VM is in vsiwtch 1 (default vmport group) you need to configure the vlan 1. Please take a look at that the document http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/sre_v/2.0/user/guide/vsphere.html#wp1081138 section Networking Prerequisites for Creating Virtual Machines


    This section has an example of configuring networking for the VM when the VM is in vswitch 1.


    Thanks,


    Radhika






    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 10:42 AM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Charlie Jones in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Charlie Jones has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    I have the same issue. Below is my configuration, at least the pertinent info for the SRE. You mention that vlan1 needs to be configured. Can that be any IP in the same subnet as my gi0/0.100 interface?

    On the same note as Kshitij, when I go into V-sphere, I have two switches Vswitch0 and Vswitch1. Vswitch0 is the mgmt, and vswitch1 is where my VM is. Just looking at the configuration, do these switches need to show up as connected? Or does my VM need to be on Vswitch0?

    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    !
    interface GigabitEthernet0/0
    no ip address
    ip nbar protocol-discovery
    ip flow ingress
    duplex full
    speed 100
    no snmp trap link-status
    !
    interface GigabitEthernet0/0.100
    encapsulation dot1Q 100
    ip address 10.191.100.1 255.255.255.0
    ip helper-address 10.172.1.242
    ip flow ingress

    interface SM1/0
    ip unnumbered GigabitEthernet0/0.100
    service-module ip address 10.191.100.5 255.255.255.0
    !Application: VMware ESXi 5.0.0 build-474610 running on SRE
    service-module ip default-gateway 10.191.100.1
    !
    interface SM1/1
    description Internal switch interface connected to Service Module
    switchport mode trunk
    no ip address

    ip route 0.0.0.0 0.0.0.0 10.191.100.2
    ip route 10.191.100.5 255.255.255.255 SM1/0
    ip route 10.191.100.10 255.255.255.255 SM1/0
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5296772>

    or simply reply to this email.

    Subject: RE: Vm can not ping default gateway
    Replied by: Kshitij Purwar on 15-03-2012 02:07:40 PM
    Hi,

    I canot configure vlan with same subnet,because gi0/0 has been configured the same subnet IP and we dont have any other subnet for configure.

    can you please tell me what would be the deafult gateway and default route for vM.

    Please also let me know how to configure port group and how to move VM to this port group.

    Regards
    kshitij

    Subject: RE: New Message from Charlie Jones in Service Ready Engine Virtualization -
    Replied by: Radhika Miriyala on 15-03-2012 02:17:58 PM
    Yes the warning is expected for ip unnumbered as some the benefits of vlan creation are lost  by doing the ip unnumbered configuration.



    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 11:13 AM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Charlie Jones in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Charlie Jones has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    What I am trying to accomplish is to have the server IP be in the same subnet as our users subnet (10.191.100.x/24). What you said makes sense to me, however when I tried to set interface VLAN 100 to ip unnumbered GI0/0.100, I receive the following error message.

    Warning: dynamic routing protocols will not work on SVI interfaces with IP unnumbered configured.
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5296920>

    or simply reply to this email.

    Subject: RE: Vm can not ping default gateway
    Replied by: Kshitij Purwar on 15-03-2012 02:51:05 PM
    Hi Radhika,

    Thanks for all your reply.

    one more question in my case what would be the default gateway for vm

    inter gi0/0 ip or

    esx ip

    Regards
    kshitij

    Subject: RE: New Message from Kshitij Purwar in Service Ready Engine Virtualization
    Replied by: Radhika Miriyala on 15-03-2012 02:52:58 PM
    Interface gi0/0 ip



    Thanks,

    Radhika



    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 11:51 AM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Kshitij Purwar in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Kshitij Purwar has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    Hi Radhika,

    Thanks for all your reply.

    one more question in my case what would be the default gateway for vm

    inter gi0/0 ip or

    esx ip

    Regards
    kshitij
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5296084>

    or simply reply to this email.

    Subject: RE: Vm can not ping default gateway
    Replied by: Kshitij Purwar on 15-03-2012 12:48:56 PM
    Hi Anusha,

    i can ping every address form my router and also esx can ping every address,but from vm i can not ping default address.

    VM ip is 10.65.157.177

    ip route for vm

    ip route 10.65.157.177 255.255.255.255 sm1/0

    i dont want vlan senario,i need all the things on the same subnet.

    esx is on vswitch0 and vm is on vswitch1,do i move to vm under vswitch0

    please help me.i am stuck.every day management ask me for RCA.

    Regards
    Kshitij

    Subject: RE: Vm can not ping default gateway
    Replied by: Charlie Jones on 15-03-2012 01:42:29 PM
    I have the same issue.  Below is my configuration, at least the pertinent info for the SRE.  You mention that vlan1 needs to be configured.  Can that be any IP in the same subnet as my gi0/0.100  interface?  

    On the same note as Kshitij, when I go into V-sphere, I have two switches Vswitch0 and Vswitch1.   Vswitch0 is the mgmt, and vswitch1 is where my VM is.   Just looking at the configuration, do these switches need to show up as connected?  Or does my VM need to be on Vswitch0?

    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    !
    interface GigabitEthernet0/0
    no ip address
    ip nbar protocol-discovery
    ip flow ingress
    duplex full
    speed 100
    no snmp trap link-status
    !
    interface GigabitEthernet0/0.100
    encapsulation dot1Q 100
    ip address 10.191.100.1 255.255.255.0
    ip helper-address 10.172.1.242
    ip flow ingress

    interface SM1/0
    ip unnumbered GigabitEthernet0/0.100
    service-module ip address 10.191.100.5 255.255.255.0
    !Application: VMware ESXi 5.0.0 build-474610 running on SRE
    service-module ip default-gateway 10.191.100.1
    !
    interface SM1/1
    description Internal switch interface connected to Service Module
    switchport mode trunk
    no ip address

    ip route 0.0.0.0 0.0.0.0 10.191.100.2
    ip route 10.191.100.5 255.255.255.255 SM1/0
    ip route 10.191.100.10 255.255.255.255 SM1/0

    Subject: RE: Vm can not ping default gateway
    Replied by: Charlie Jones on 15-03-2012 01:54:45 PM
    So with the configuration I have, do I just need to create a vlan 100 (which is the same as my DG, and the same subnet that my VM will be in.)?  If that is the case, do I just need to give it any IP address in that same subnet (10.191.100.x/24)?

    Subject: RE: New Message from Charlie Jones in Service Ready Engine Virtualization -
    Replied by: Radhika Miriyala on 15-03-2012 02:02:58 PM
    Charlie,

    If I understand what you are saying correctly you can not create a vlan 100 and give it same subnet as your DG but you can increate vlan 100 and have ip unnumbered to the interface the DG is on. Then add a ip route for the ip address you assign to the VM and point it to vlan100

    Example
    interface vlan 100

    ip unnumbered GigabitEthernet0/0.100



    ip route 10.191.100.11 255.255.255.255 vlan100  à where 10.191.100.11 is the ip address of your VM





    Hope this helps.



    Thanks,

    Radhika

    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 10:55 AM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Charlie Jones in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Charlie Jones has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    So with the configuration I have, do I just need to create a vlan 100 (which is the same as my DG, and the same subnet that my VM will be in.)? If that is the case, do I just need to give it any IP address in that same subnet (10.191.100.x/24)?
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5296807>

    or simply reply to this email.

    Subject: RE: Vm can not ping default gateway
    Replied by: Charlie Jones on 15-03-2012 02:13:03 PM
    What I am trying to accomplish is to have the server IP be in the same subnet as our users subnet (10.191.100.x/24).  What you said makes sense to me, however when I tried to set interface VLAN 100 to ip unnumbered GI0/0.100, I receive the following error message.

    Warning: dynamic routing protocols will not work on SVI interfaces with IP unnumbered configured.

    Subject: RE: New Message from Kshitij Purwar in Service Ready Engine Virtualization
    Replied by: Radhika Miriyala on 15-03-2012 02:16:58 PM
    Hi Kshitij,



    You can use the example below to configure vlan in the same subnet

    interface vlan 100
    ip unnumbered GigabitEthernet0/0


    ip route 10.19.100.12 255.255.255.255 vlan100 à where 10.191.100.12 is the ip address of your VM


    if you want to  create a new port group under vsiwtch 0 and move the Vm there please see

    http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-networking-guide.pdf page 15 Add a Virtual Machine Port Group



    Thanks,

    Radhika



    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 11:08 AM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Kshitij Purwar in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Kshitij Purwar has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    Hi,

    I canot configure vlan with same subnet,because gi0/0 has been configured the same subnet IP and we dont have any other subnet for configure.

    can you please tell me what would be the deafult gateway and default route for vM.

    Please also let me know how to configure port group and how to move VM to this port group.

    Regards
    kshitij
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5295835>

    or simply reply to this email.

    Subject: RE: Vm can not ping default gateway
    Replied by: Charlie Jones on 15-03-2012 02:32:05 PM
    Sorry, I didn't do a show run to see that the configuration change stayed part of the configuration.   Below is the current configuration, and when I try to ping the DG, I get destination host unreachable.  The server config is the following:  IP - 10.191.100.20/24, DG is 10.191.100.1

    interface GigabitEthernet0/0
    no ip address
    ip nbar protocol-discovery
    ip flow ingress
    duplex full
    speed 100
    no snmp trap link-status

    interface GigabitEthernet0/0.100
    encapsulation dot1Q 100
    ip address 10.191.100.1 255.255.255.0
    ip helper-address 10.172.1.242
    ip flow ingress

    interface SM1/0
    ip unnumbered GigabitEthernet0/0.100
    service-module ip address 10.191.100.5 255.255.255.0
    !Application: VMware ESXi 5.0.0 build-474610 running on SRE
    service-module ip default-gateway 10.191.100.1
    !
    interface SM1/1
    description Internal switch interface connected to Service Module
    switchport mode trunk
    no ip address
    !
    interface Vlan1
    no ip address
    !
    interface Vlan100
    ip unnumbered GigabitEthernet0/0
    !
    !
    ip route 0.0.0.0 0.0.0.0 10.191.100.2
    ip route 10.191.100.5 255.255.255.255 SM1/0
    ip route 10.191.100.20 255.255.255.255 Vlan100

    Subject: RE: New Message from Charlie Jones in Service Ready Engine Virtualization -
    Replied by: Radhika Miriyala on 15-03-2012 02:44:58 PM
    Ok one thing I fort got mention is that by default the vmnetwork port group is configured to get traffic from vlan 1 can you edit the properties of the port group from vsphere client to port 100.

    You can do this by following steps:

    1)      Login to vSphere client

    2)      Select the ESXI host

    3)      Select the Configuration tab -> then select networking.

    4)      In the networking screen select the Vm netwok port group in vswitch  1-> edit properties.

    5)      You should be able to change the vlan id here.



    Thanks,

    Radhika



    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 11:32 AM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Charlie Jones in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Charlie Jones has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    Sorry, I didn't do a show run to see that the configuration change stayed part of the configuration. Below is the current configuration, and when I try to ping the DG, I get destination host unreachable. The server config is the following: IP - 10.191.100.20/24, DG is 10.191.100.1

    interface GigabitEthernet0/0
    no ip address
    ip nbar protocol-discovery
    ip flow ingress
    duplex full
    speed 100
    no snmp trap link-status

    interface GigabitEthernet0/0.100
    encapsulation dot1Q 100
    ip address 10.191.100.1 255.255.255.0
    ip helper-address 10.172.1.242
    ip flow ingress

    interface SM1/0
    ip unnumbered GigabitEthernet0/0.100
    service-module ip address 10.191.100.5 255.255.255.0
    !Application: VMware ESXi 5.0.0 build-474610 running on SRE
    service-module ip default-gateway 10.191.100.1
    !
    interface SM1/1
    description Internal switch interface connected to Service Module
    switchport mode trunk
    no ip address
    !
    interface Vlan1
    no ip address
    !
    interface Vlan100
    ip unnumbered GigabitEthernet0/0
    !
    !
    ip route 0.0.0.0 0.0.0.0 10.191.100.2
    ip route 10.191.100.5 255.255.255.255 SM1/0
    ip route 10.191.100.20 255.255.255.255 Vlan100
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5296947>

    or simply reply to this email.

    Subject: RE: Vm can not ping default gateway
    Replied by: Charlie Jones on 15-03-2012 03:07:49 PM
    Unfortunately, I still cannot ping the gateway from the VM.

    Is there anything from the Vsphere client I could attach to assist?

    Subject: RE: New Message from Charlie Jones in Service Ready Engine Virtualization -
    Replied by: Radhika Miriyala on 15-03-2012 03:12:58 PM
    Hi Charlie,

    It might help if you can give screen shots of the newtroking configuration and the vmnetwork port group edit properties screen shot.

    Also one more thing to check is if your vm is running windows you check the firewall properties.

    If the above two steps don’t help we can have a debugging session this via a webex.

    Thanks,

    Radhika



    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 12:08 PM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Charlie Jones in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Charlie Jones has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    Unfortunately, I still cannot ping the gateway from the VM.

    Is there anything from the Vsphere client I could attach to assist?
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5297055>

    or simply reply to this email.

    Subject: RE: Vm can not ping default gateway
    Replied by: Charlie Jones on 15-03-2012 03:28:43 PM
    I couldn't get the screen captures to cut over.  Looking through the screenshots, the only difference between the two switches is in the port group properties.  On the switch that the VM is on, the vlan 100.  On the mgmt network (Vswitch0), the vlan shown is 0.

    Subject: RE: Vm can not ping default gateway
    Replied by: Charlie Jones on 15-03-2012 03:47:11 PM
    cjones@apshealthcare.com

    Subject: RE: Vm can not ping default gateway
    Replied by: Charlie Jones on 15-03-2012 03:47:11 PM
    cjones@apshealthcare.com

    Subject: RE: New Message from Kshitij Purwar in Service Ready Engine Virtualization
    Replied by: Charlie Jones on 15-03-2012 04:16:52 PM
    Hi Anurag,

    I made the change you suggested, and I still cannot ping from the VM to the DG.  Windows FW is turned off as well.

    Subject: RE: New Message from Charlie Jones in Service Ready Engine Virtualization -
    Replied by: Radhika Miriyala on 15-03-2012 03:45:58 PM
    Can we do a WebEx session tomorrow to debug this? Please send me your email address if you want to do the WebEx so I can send you the meeting invite.



    From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com]
    Sent: Thursday, March 15, 2012 12:29 PM
    To: cdicuser@developer.cisco.com
    Subject: New Message from Charlie Jones in Service Ready Engine Virtualization - SRE-V Technical Questions: RE: Vm can not ping default gateway



    Charlie Jones has created a new message in the forum "SRE-V Technical Questions":

    --------------------------------------------------------------
    I couldn't get the screen captures to cut over. Looking through the screenshots, the only difference between the two switches is in the port group properties. On the switch that the VM is on, the vlan 100. On the mgmt network (Vswitch0), the vlan shown is 0.
    --
    To respond to this post, please click the following link:

    <http://developer.cisco.com/web/srev/forums/-/message_boards/view_message/5297136>

    or simply reply to this email.

    Subject: RE: New Message from Kshitij Purwar in Service Ready Engine Virtualization
    Replied by: Anurag Gurtu on 15-03-2012 03:59:58 PM
    If you like you can create a new port group under vSwitch0 and have your VM point to that and not use vSwitch at all.



    Thanks



    Anurag Gurtu, CISSP