VMware vSphere

 View Only

  • 1.  Why can any vmk interface ping any IP?

    Posted Apr 08, 2014 12:08 PM

    Wondering why any vmkernel interface can ping any IP address, even if its on a different subnet?

    Example, vmk4 is on 10.250.10.4 255.255.255.0 and vmk0 on 10.1.1.56 255.255.0.0.

    But the following works:

    ~ # vmkping -I vmk0 10.250.10.10

    PING 10.250.10.10 (10.250.10.10): 56 data bytes

    64 bytes from 10.250.10.10: icmp_seq=0 ttl=255 time=0.122 ms

    64 bytes from 10.250.10.10: icmp_seq=1 ttl=255 time=0.109 ms

    64 bytes from 10.250.10.10: icmp_seq=2 ttl=255 time=0.113 ms

    --- 10.250.10.10 ping statistics ---

    3 packets transmitted, 3 packets received, 0% packet loss

    round-trip min/avg/max = 0.109/0.115/0.122 ms

    How is that possible because 10.250.10.* should not be reachable from 10.1.*.* from vmk0

    Here's the routing table

    ~ # esxcfg-route -l

    VMkernel Routes:

    Network          Netmask          Gateway          Interface

    1.1.1.0          255.255.255.0    Local Subnet     vmk1

    10.250.10.0      255.255.255.0    Local Subnet     vmk4

    10.1.0.0         255.255.0.0      Local Subnet     vmk0

    10.10.0.0        255.255.0.0      Local Subnet     vmk2

    default          0.0.0.0          10.1.0.254       vmk0

    The gateway 10.1.0.254 has no physical connectivity to 10.250.10.* subnet at all.  10.250.10.* is separate physical switches for storage nfs traffic.

    vmk0 - management

    vmk1 - vmotion

    vmk2 - 1gbe existing storage

    vmk4 - 10gbe new storage



  • 2.  RE: Why can any vmk interface ping any IP?

    Posted Apr 08, 2014 01:11 PM

    My guess would be that the "-I vmk0" switch is ignored due to having a directly connected L3 interface (vmk4) within that subnet....

    I have an identical setup here and see the same thing.

    /Rubeck



  • 3.  RE: Why can any vmk interface ping any IP?

    Posted Apr 08, 2014 01:11 PM

    Where is the gateway address 10.1.0.254 defined? Is it on a router that perhaps has a route to the other subnet defined?



  • 4.  RE: Why can any vmk interface ping any IP?

    Posted Apr 08, 2014 01:16 PM

    Where is it defined?  On each host, configuration tab > DNS and Routing > Properties > Routing tab.

    The 10.1.0.254 is our core switch.

    On it theres no direct connectivity to 10.250.x.x

    So I'm thinking maybe this is normal as Rubeck's host does the same thing. 



  • 5.  RE: Why can any vmk interface ping any IP?

    Posted Apr 08, 2014 01:28 PM

    The "-I vmkX" can be quite useful when having multiple vmknics within the same subnet, though (Multi-NIC vMotion/ iSCSI). In these scenarios you have no idea of which interface sends out the echo.. 

    /Rubeck