Hi,
I have 2 networks, 192.168.28.0 (in VMware Workstation) and 10.0.64.0 (on a physical Dell Server). Both networks have 3 ESXi and 3 Windows Servers each. Both are behind their respective firewalls; the network between the firewalls is 192.168.1.0.
I'm trying to access the 10.0.64.0 network's ESXi login page from a Windows Server in 192.168.28.0, and vice versa, and they seem to be just too slow to load. The following are the page loading times in seconds on each VM.
Loading 10.0.64.74 login page on:
192.168.28.40 - 80 secs
192.168.28.41 - 110 secs
192.168.28.43 - 110 secs
Loading 192.168.28.74 login page on:
10.0.64.40 - 110 secs
10.0.64.41 - 90 secs
10.0.64.43 - 4 secs
The only difference between the last one with 4 secs and the other VMs is that this one has just 1 vNIC while the rest have multiple vNICs.
A trace route to see the route packets take.
ESXi Server to Windows Server
[root@esxi1s:~] traceroute 192.168.28.40
traceroute to 192.168.28.40 (192.168.28.40), 30 hops max, 40 byte packets
1 10.0.64.67 (10.0.64.67) 0.796 ms 0.869 ms 0.685 ms
2 192.168.1.21 (192.168.1.21) 2.187 ms 2.747 ms 2.874 ms
3 servermdc (192.168.28.40) 3.475 ms 3.752 ms 3.408 ms
Windows Server to ESXi Server
tracert 10.0.64.74
Tracing route to esxi1s.vlab.lab [10.0.64.74]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.28.35
2 3 ms 3 ms 3 ms 192.168.1.31
3 3 ms 3 ms 3 ms esxi1s.vlab.lab [10.0.64.74]
Of note is that the laptop does not have an Ethernet NIC; I'm using a USB 2.0 to 10/100 Ethernet LAN, while the Server has a 10/100/1000 Gigabit Ethernet LAN.
I pinged between networks for 60 sec to see if any connectivity issue exists, but pinging seems fine even with large packets.
Ping from Windows to ESXi Server
ping /n 5000 /l 1500 10.0.64.74
Pinging 10.0.64.74 with 1500 bytes of data:
Reply from 10.0.64.74: bytes=1500 time=4ms TTL=62
Reply from 10.0.64.74: bytes=1500 time=4ms TTL=62
Reply from 10.0.64.74: bytes=1500 time=4ms TTL=62
Reply from 10.0.64.74: bytes=1500 time=4ms TTL=62
Reply from 10.0.64.74: bytes=1500 time=3ms TTL=62
Reply from 10.0.64.74: bytes=1500 time=4ms TTL=62
Reply from 10.0.64.74: bytes=1500 time=4ms TTL=62
Reply from 10.0.64.74: bytes=1500 time=4ms TTL=62
* not displaying all pings due to character number limitation *
Ping statistics for 10.0.64.74:
Packets: Sent = 50, Received = 50, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms
Ping from Windows to ESXi Server
ping /n 5000 /l 1500 192.168.28.40
Pinging 192.168.28.40 with 1500 bytes of data:
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=5ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=5ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
Reply from 192.168.28.40: bytes=1500 time=4ms TTL=126
* not displaying all pings due to character number limitation *
Ping statistics for 192.168.28.40:
Packets: Sent = 63, Received = 63, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 5ms, Average = 4ms
I did a tcpdump on the NIC of the firewall VMs on both the laptop and the Dell Server to see if anything traversing is delaying the packets when I use the web browser. I got the output below, which I didn't understand, as there was no network traffic initiated by me.
The below is just a small chunk of data; there are a lot of these packets flowing very rapidly and I don't know why.
The IP 192.168.1.25 is the laptop's NIC IP address.
Interface of Firewall VM on Laptop
root@firewallsm:~ # tcpdump -i em0 host 192.168.1.21 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:34:53.051214 IP 192.168.1.21.22 > 192.168.1.25.59346: Flags [P.], seq 4218103046:4218103234, ack 1055845067, win 513, length 188
18:34:53.051351 IP 192.168.1.25.59346 > 192.168.1.21.22: Flags [.], ack 188, win 4101, length 0
18:34:53.051722 IP 192.168.1.21.22 > 192.168.1.25.59346: Flags [P.], seq 188:456, ack 1, win 513, length 268
18:34:53.052019 IP 192.168.1.21.22 > 192.168.1.25.59346: Flags [P.], seq 456:604, ack 1, win 513, length 148
18:34:53.052179 IP 192.168.1.25.59346 > 192.168.1.21.22: Flags [.], ack 604, win 4106, length 0
18:34:53.052520 IP 192.168.1.21.22 > 192.168.1.25.59346: Flags [P.], seq 604:848, ack 1, win 513, length 244
18:34:53.052785 IP 192.168.1.21.22 > 192.168.1.25.59346: Flags [P.], seq 848:996, ack 1, win 513, length 148
Interface of Firewall VM on Dell Server
root@firewallsm:~ # tcpdump -i vmx0 host 192.168.1.31 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmx0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:36:42.419721 IP 192.168.1.31.22 > 192.168.1.25.59352: Flags [P.], seq 3277660158:3277660346, ack 306397935, win 513, length 188
18:36:42.420237 IP 192.168.1.31.22 > 192.168.1.25.59352: Flags [P.], seq 188:360, ack 1, win 513, length 172
18:36:42.420571 IP 192.168.1.31.22 > 192.168.1.25.59352: Flags [P.], seq 360:508, ack 1, win 513, length 148
18:36:42.420885 IP 192.168.1.31.22 > 192.168.1.25.59352: Flags [P.], seq 508:656, ack 1, win 513, length 148
18:36:42.421206 IP 192.168.1.31.22 > 192.168.1.25.59352: Flags [P.], seq 656:804, ack 1, win 513, length 148
I can see the ack from the SYN-ACK TCP handshake. But why so many, and is it possible these are causing delays in loading the webpages, as it's just too many of them?
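
An added example, not part of the original post: a small parser that groups tcpdump lines like the ones above by TCP connection, decodes the flag letters, and builds a capture filter that leaves a chosen port out. The sample lines are copied from the first capture in the post; the function names are hypothetical, and reading the port-22 flow as the SSH session that carries the tcpdump output to the terminal is an assumption.

```python
import re
from collections import defaultdict

# Lines copied from the first capture in the post (firewall VM on the laptop).
SAMPLE = """\
18:34:53.051214 IP 192.168.1.21.22 > 192.168.1.25.59346: Flags [P.], seq 4218103046:4218103234, ack 1055845067, win 513, length 188
18:34:53.051351 IP 192.168.1.25.59346 > 192.168.1.21.22: Flags [.], ack 188, win 4101, length 0
18:34:53.051722 IP 192.168.1.21.22 > 192.168.1.25.59346: Flags [P.], seq 188:456, ack 1, win 513, length 268
18:34:53.052019 IP 192.168.1.21.22 > 192.168.1.25.59346: Flags [P.], seq 456:604, ack 1, win 513, length 148
18:34:53.052179 IP 192.168.1.25.59346 > 192.168.1.21.22: Flags [.], ack 604, win 4106, length 0
"""

LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]*)\].*length (\d+)$")
# tcpdump prints one letter per TCP flag; "." stands for ACK.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG", ".": "ACK"}

def summarize(text):
    """Group packets by connection (both directions) and total them up."""
    flows = defaultdict(lambda: {"packets": 0, "payload": 0, "flags": set()})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP/IPv4 summary line
        src, sport, dst, dport, flags, length = m.groups()
        a, b = sorted([(src, int(sport)), (dst, int(dport))])
        flow = flows[(a, b)]
        flow["packets"] += 1
        flow["payload"] += int(length)
        flow["flags"] |= {FLAG_NAMES.get(c, c) for c in flags}
    return dict(flows)

def handshake_seen(flow):
    """True only if a SYN (connection setup) appears among the captured packets."""
    return "SYN" in flow["flags"]

def capture_filter(host, skip_ports):
    """pcap filter for one host that leaves the given TCP ports out of the capture."""
    parts = [f"host {host}"] + [f"not tcp port {p}" for p in sorted(skip_ports)]
    return " and ".join(parts)
```

The filter string returned by `capture_filter("192.168.1.21", {22})` can be passed to tcpdump in place of `host 192.168.1.21`, so that port-22 traffic no longer appears in the output.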