Posted on June 27, 2019 5:45 pm
 |  Asked by Davide Ganna

Good evening,

I have an ESXi configuration on which I’d like to add two Arista vEOS switches.
In the picture, the configuration is on the right while the switches that I want to add are on the left.
The names of the virtual switches in ESXi are the same as the ones reported in the image.

Below I add the images of my port groups:

I want to ping my Linux Client from my Arista_vEOS_2. So far I can only ping between the two switches, and I can ping 192.168.202.15 (which is the interface of the Arista_vEOS_1 connected to the LAN port group). What is the issue? Why can’t I ping the clients?

Thank you in advance,

Davide

Posted by Manuel Lai
Answered on June 27, 2019 6:45 pm

Ciao Davide

You can ping 192.168.202.15 from Arista_vEOS_2 so this switch has a route for that network.
Arista_vEOS_1 has a leg in each network so it has routes for both.

Can you ping 192.168.202.15 from the Linux Client?

Can you see an arp entry for your Linux Client ip address on Arista_vEOS_1?
From Arista_vEOS_1: show arp 192.168.202.x

Does your Linux Client have 192.168.202.15 as the default gateway (or as a gateway for 10.1.1.x destination)?
From Linux Client: netstat -r

Posted by Stuart Dayer
Answered on June 28, 2019 3:25 pm

Good morning Manuel,

Thank you for your answer.

1) Can you ping 192.168.202.15 from the Linux Client?
No, I can’t. I can only ping from the vEOS switch to the Linux Client.

2) Can you see an arp entry for your Linux Client ip address on Arista_vEOS_1?
Yes, I can. I attached the image. This means that Arista_vEOS_1 ‘recognizes’ the presence of the Linux Client, right? So I can’t figure out why I can’t ping it.

3) Does your Linux Client have 192.168.202.15 as the default gateway (or as a gateway for 10.1.1.x destination)?
The default gateway for my Linux Client is the pfSense Firewall (192.168.202.1) on the right (I apologize for not having attached the full topology yesterday, I’ll do it now). There aren’t any default gateways that point at the Arista devices (noob question: why doesn’t the client automatically recognize the Arista_vEOS_1 since it is on the same subnet? Why do I have to set it as my default gateway?)

Thank you in advance,

Davide

Posted by Davide Ganna
Answered on July 1, 2019 10:38 am

Test

Posted by Francois
Answered on July 3, 2019 9:32 am

Edit ‘Properties’ on new vSwitch
○ vSwitch ‘Edit’
○ Security
○ Promiscuous Mode : Accept
○ OK, Close

Posted by Andrii Rykhlivskyi
Answered on July 3, 2019 11:04 am

You are probably missing a route from the Linux client to the 10.1.1.0/24 network. The next hop for it should be 192.168.202.15.

Posted by Manuel Lai
Answered on July 8, 2019 10:07 am

Hi Davide

Usually, clients are stub devices not participating in routing, having a default route manually configured and pointing to the default gateway. All routing is delegated to that default gateway.
Your Linux client resides on a network segment with two devices acting as routers, pfSense and Arista_EOS1, each of them with reachability to different destinations.
Although the Linux Client can be aware of them as network hosts (i.e. ARP), it cannot be aware of the routes that are reachable through them, unless it runs a routing protocol or it has some manually configured route entries. For this reason, you might need a default route pointing to pfSense and a route to 10.1.1.0/24 pointing to 192.168.202.15 (Arista_EOS1).
Another option would be configuring a default route to pfSense and relying on ICMP redirect messages, but this resulted in suboptimal routing.

However, if you cannot ping 192.168.202.15 from Linux client, we have to investigate local reachability before routing.
Promiscuous mode is required when a NIC with MAC aaaa.aaaa.aaaa has to accept traffic with different destination MACs than its own MAC, i.e. we need to reach a VNIC with MAC bbbb.bbbb.bbbb belonging to a VM “behind” the physical NIC aaaa.aaaa.aaaa.
Do all your VMs have a unique IP and MAC address, or are there duplicates as the result of VM cloning/import?
Does your pfSense firewall run some proxy ARP mechanism?
As a test, can you ping 192.168.202.15 from the Linux Client if you shut down/disconnect all hosts except Arista_EOS1 and the Linux client itself?
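
The route lookup discussed in the answers above, as an added example that is not part of the original thread: it models the Linux client's longest-prefix-match decision with and without the suggested static route. The /24 mask on 192.168.202.x and the address 10.1.1.2 for Arista_vEOS_2 are assumptions; the other addresses come from the posts.

```python
import ipaddress

# Addresses from the thread; the /24 mask on the LAN is an assumption.
LAN = ipaddress.ip_network("192.168.202.0/24")
PFSENSE = ipaddress.ip_address("192.168.202.1")
VEOS_1 = ipaddress.ip_address("192.168.202.15")
BEHIND_VEOS_1 = ipaddress.ip_network("10.1.1.0/24")
VEOS_2_ADDR = "10.1.1.2"  # constructed sample address for Arista_vEOS_2


def next_hop(routes, destination):
    """Return (gateway, prefix) for the most specific matching route.

    A gateway of None means the destination is on-link: the client ARPs
    for it directly instead of handing the packet to a router.
    """
    dst = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {destination}")
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return gw, net


# Client table as described in the thread: connected LAN plus a default
# route via pfSense. Nothing points at the Arista switch.
client_routes = [
    (LAN, None),
    (ipaddress.ip_network("0.0.0.0/0"), PFSENSE),
]

# The same table with the static route suggested in the answers.
fixed_routes = client_routes + [(BEHIND_VEOS_1, VEOS_1)]


def describe(routes, destination):
    """Human-readable form of the forwarding decision."""
    gw, net = next_hop(routes, destination)
    via = "on-link (ARP directly)" if gw is None else f"via {gw}"
    return f"{destination}: {via} [matched {net}]"


if __name__ == "__main__":
    for label, table in (("before", client_routes), ("after", fixed_routes)):
        print(label)
        for dst in (str(VEOS_1), VEOS_2_ADDR):
            print("  " + describe(table, dst))
```

In both tables 192.168.202.15 resolves as on-link, so a failing ping to that address is a layer-2 or host-level problem rather than a missing route, while replies to 10.1.1.x leave via pfSense until the static route is added.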
