IP6 and ping !

    Question

  • Dear all,

    on my lab i have ESXI using 192.168.2.10 with one NIC,

    on the ESXI i have 3 Machines

    DC = 192.168.4.2

    EX = 192.168.4.3

    Vyatta Firewall with Two NICs

    eth0 = 192.168.2.50

    eth1= 192.168.4.1

    When I am on the network 192.168.2.xxx I can ping DC and EX with reply using IPv6, and I can RDP to the machines using the names but not the IP! However, after I disable IPv6 I lost the connection with the servers, I can't ping them or RDP to them,

    i've checked my DNS all seems fine, is this a reverse DNS or Windows or something else?

    thank you

    Thursday, July 11, 2013 2:44 PM

All replies

  • Questions:

    1) is the Vyatta configured to do IPv6 routing?

    2) which machine is doing the pings/RDPs?  and  2a) what is its IPv6 default g/w?

    3) what are the IPv6 addresses?   (you show a lot of IPv4, but no IPv6)



    Jeff Carrell

    Thursday, July 11, 2013 4:32 PM
  • Dear Jeff,

    I haven't configured IPv6 at all, I activate it just because I have to, otherwise my network will be down,

    Vyatta is configured just  for IP4

    IPv6 i have are :

    FS =  fe80::85a4:9b1c:4809:c0b6%13

    DC = fe80::c5ad:4235:5d9a:2410%13

    thank you

    Thursday, July 11, 2013 8:52 PM
  • Ah, ok.

    IPv6 is enabled by default on Win Vista/7/8, and W2K8/12.

    IPv6 is not enabled by default on most routers, which includes Vyatta (at least up to 6.5 I have played with).

    "fe80::" addresses are known as "link-local address", and can only access each other on the local subnet...an fe80:: address CANNOT be routed.

    When you ping an "fe80::" address, you must use the form 'ping <target fe80::addr>%<your-ipv6-intf-id>', so from DC do "ping fe80::85a4:9b1c:4809:c0b6%13"

    A few relevant books to get:

     Guide to TCP/IP, 4th Edition - TCP/IP - both IPv4 & IPv6 covered!!!
     IPv6 Fundamentals
     Understanding IPv6
     

    fyi, device interfaces can (and generally will) have multiple-valid IPv6 addresses...we don't have that in IPv4. Link-Local addresses are used for comms on local subnet, "Global Unicast Addresses" are used to get "off-net" - but that function will be the client sending to its default gateway's Link-Local addr.......lots of new stuff for you to learn :-)

    hth...Jeff


    Jeff Carrell

    Thursday, July 11, 2013 10:44 PM
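
Added example (not part of the original thread): a small parser for the header line of Windows ping output that reports whether the resolved address is link-local, on the sender's own subnet, or only reachable through a router, as the reply above describes. The function names, the constructed sample lines and the /24 local prefix are assumptions; the addresses are the ones quoted in the thread.

```python
import ipaddress
import re

# First line Windows ping prints once a name has resolved:
#   Pinging NAME [ADDRESS] with 32 bytes of data:
PING_HEADER = re.compile(r"Pinging\s+(?P<name>\S+)\s+\[(?P<addr>[^\]]+)\]")


def classify_target(header_line, local_networks):
    """Say how the address a name resolved to can be reached from this host.

    local_networks: prefixes configured on the pinging host's own interfaces.
    """
    match = PING_HEADER.search(header_line)
    if match is None:
        raise ValueError("no resolved address in line: %r" % header_line)

    # "%13" is the zone ID: the index of the sender's own interface. It is
    # needed because every link uses the same fe80::/10 prefix.
    addr_text, _, zone = match.group("addr").partition("%")
    addr = ipaddress.ip_address(addr_text)
    nets = [ipaddress.ip_network(n) for n in local_networks]

    if addr.is_link_local:
        # Routers never forward link-local traffic, so a reply can only
        # come from a host on the same layer-2 segment as the sender.
        reach = "on-link only"
    elif any(n.version == addr.version and addr in n for n in nets):
        reach = "on-link"
    else:
        reach = "needs router"

    return {
        "name": match.group("name"),
        "address": str(addr),
        "family": "IPv%d" % addr.version,
        "zone": zone or None,
        "reach": reach,
    }


def link_local_only(header_lines, local_networks):
    """Names whose every observed resolution was a link-local address."""
    seen = {}
    for line in header_lines:
        info = classify_target(line, local_networks)
        seen.setdefault(info["name"].lower(), set()).add(info["reach"])
    return sorted(n for n, reaches in seen.items() if reaches == {"on-link only"})


# Constructed sample lines in ping's header format, using addresses
# quoted in the thread.
SAMPLE = [
    "Pinging FS [fe80::85a4:9b1c:4809:c0b6%13] with 32 bytes of data:",
    "Pinging DC [fe80::c5ad:4235:5d9a:2410%13] with 32 bytes of data:",
    "Pinging DC [192.168.4.2] with 32 bytes of data:",
]
# Assumption: the pinging host sits on 192.168.2.0/24.
LOCAL_NETWORKS = ["192.168.2.0/24"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify_target(line, LOCAL_NETWORKS))
    print("link-local only:", link_local_only(SAMPLE, LOCAL_NETWORKS))
```
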
  • Dear Jeff,

    thank you so much for your answers, however one strange behavior!

    Why can I RDP to some machines and ping them and others not?

    I can RDP to FS and ping it but not to Ex? They are on the same subnet behind the same firewall on the same domain,

    the only difference is I am on a different subnet

    ESXI IP is 192.168.2.10 / ISP Modem 192.168.2.254

    Vyatta 6.6 with two interfaces eth0 = 192.168.2.50 is configured as DMZ on my ISP router,  eth1 = 192.168.4.1

    When I am connected with my laptop on my ISP router I can ping the FS just with name and not with IP; the reply is always IPv6. I can RDP to that server but not to others. My laptop is added to the Domain controller 192.168.4.2 but when I map a network drive, every time I need to add username and password,

    what am i doing wrong?

    thank you

    Thursday, July 11, 2013 11:09 PM
  • I do not understand what you are trying to do.....you reference IPv4 addresses...and then talk IPv6 responses....

    Sounds like DNS has some AAAA definitions for some devices...but not all devices...

    Can you provide:

    1) the exact commands you are executing

    2) what the output/reply/response is of the command(s) above

    3) what DNS does each device point to

    4) define what devices have what IPv4 AND IPv6 addresses

    ....that would make things a bit clearer....at least to me.


    Jeff Carrell

    Friday, July 12, 2013 3:59 AM
  • Dear Jeff,
    what i am trying is that both subnets will be reachable from both sides,
    when I am connected to my physical subnet 192.168.2.x/24 I can't reach my virtual network on the ESXI, I can reach the devices just with using the Firewall UP,

    I try to give you a small diagram :
    --Internet---- ISP Gateway = 192.168.2.254 -------My Laptop 192.168.2.106 (Wifi )------- ESXI 192.168.2.10 ----- Vyatta with two NIC's eth0 192.168.2.50, eth1 192.168.4.1 ---- Domain controller 192.168.4.2 ---- Exchange server 192.168.4.3-

    I hope it is clear to you,
    the command I am executing to ping the servers is simply ping followed with the server name


    Microsoft Windows [Version 6.2.9200]
    (c) 2012 Microsoft Corporation. Alle rechten voorbehouden.

    C:\Users\user>ping fs

    Pinging FS [fe80::85a4:9b1c:4809:c0b6%13] with 32 bytes of data:
    Reply from fe80::85a4:9b1c:4809:c0b6%13: time=4ms
    Reply from fe80::85a4:9b1c:4809:c0b6%13: time=5ms
    Reply from fe80::85a4:9b1c:4809:c0b6%13: time=6ms
    Reply from fe80::85a4:9b1c:4809:c0b6%13: time=6ms

    Ping statistics for fe80::85a4:9b1c:4809:c0b6%13:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 4ms, Maximum = 6ms, Average = 5ms

    C:\Users\user>ping ex

    Pinging EX [fe80::5c4c:dea5:25c3:7922%13] with 32 bytes of data:
    Reply from fe80::5c4c:dea5:25c3:7922%13: time=4ms
    Reply from fe80::5c4c:dea5:25c3:7922%13: time=4ms
    Reply from fe80::5c4c:dea5:25c3:7922%13: time=4ms
    Reply from fe80::5c4c:dea5:25c3:7922%13: time=5ms

    Ping statistics for fe80::5c4c:dea5:25c3:7922%13:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 4ms, Maximum = 5ms, Average = 4ms

    C:\Users\user>ping backup

    Pinging Backup [fe80::1151:cb77:ea8d:f2d3%13] with 32 bytes of data:
    Reply from fe80::1151:cb77:ea8d:f2d3%13: time=5ms
    Reply from fe80::1151:cb77:ea8d:f2d3%13: time=4ms
    Reply from fe80::1151:cb77:ea8d:f2d3%13: time=4ms
    Reply from fe80::1151:cb77:ea8d:f2d3%13: time=5ms

    Ping statistics for fe80::1151:cb77:ea8d:f2d3%13:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 4ms, Maximum = 5ms, Average = 4ms

    C:\Users\user>ping vcenter
    Ping request could not find host vcenter. Please check the name and try again.

    C:\Users\user>ping dc

    Pinging DC [fe80::c5ad:4235:5d9a:2410%13] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for fe80::c5ad:4235:5d9a:2410%13:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Users\user>


    3) what DNS does each device point to ?
    all my VM are pointing to my domain controller as DNS and Vyatta as Gateway,
    My Laptop is pointed to my ISP Router as Gateway and DNS, and I've configured my Domain controller as secondary DNS 192.168.4.2

    4) define what devices have what IPv4 AND IPv6 addresses ?
    ISP Modem 192.168.2.254
    My Laptop 192.168.2.106
    ESXI 192.168.2.10
    Vyatta = eth0 192.168.2.50
     eth1 192.168.4.1

    Domain controller 192.168.4.2 / 255.255.255.0 / 192.168.4.1
    Exchange Server 192.168.4.3 / 255.255.255.0 / 192.168.4.1
    File server   192.168.4.4 / 255.255.255.0 / 192.168.4.1


    Friday, July 12, 2013 10:13 AM
  • Thanx for the info, still a few more questions:

    1) you said "...what i am trying is that both subnets will be reachable from both sides..." so my question is, reachable on both sides using IPv4 or IPv6 or both?

    2) when you did the pings in the last post, what device was doing the pings, and what is its IPv4 address?

    3) also, redo the pings as in last post, but use this syntax "ping fs -4"    -4 forces the ping request to IPv4.

    In Windows (Vista and newer, and W2K8 and newer), if a network application is executed (ping, RDP, etc) using a name instead of an IP (v4 or v6) address, and the name is resolved in DNS, and the answer given is IPv4 & IPv6 addresses, Windows uses the IPv6 address first, meaning Windows prefers IPv6 when it gets that info. That is what you are seeing I believe.

    You also stated that you had not configured Vyatta for IPv6, but it is configured for IPv4 - which I assume means it is routing both networks.

    Based on the info above, you may want to delete the AAAA Recs in your DNS for all your devices, and then retry pings and RDP's.

    You don't actually have a "problem", as much as what is working is not the way you want it to work. Things are working the way they are based on how Windows thinks it should be working - because of Windows default settings and DNS entries. (it's crazy, I know)

    hth...Jeff


    Jeff Carrell

    Friday, July 12, 2013 3:15 PM
  • Dear Jeff,

    1) you said "...what i am trying is that both subnets will be reachable from both sides..." so my question is, reachable on both sides using IPv4 or IPv6 or both? I prefer IPv4

    2) when you did the pings in the last post, what device was doing the pings, and what is its IPv4 address? When I ping them I receive just IPv6 and not IPv4 on the reply ping

    3) also, redo the pings as in last post, but use this syntax "ping fs -4"    -4 forces the ping request to IPv4.

    C:\Users\user>ping fs -4

    Pinging FS [192.168.4.4] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.

    Friday, July 12, 2013 3:48 PM
  • Almost there....

    when you did the pings in the last post, what device was doing the pings, and what is its IPv4 address?


    Jeff Carrell

    Friday, July 12, 2013 5:58 PM
  • no device is responding to the ping on IPV4, only on IPV6 !
    that why i found it strange !

    Friday, July 12, 2013 6:18 PM
  • The question is WHAT device did you TYPE the 'ping fs -4' command on ???? and what is THAT DEVICE'S IPv4 address..........not what was the result, you already showed that..........

    Also, on the same device as the pings have been done on, do the following, and show those results:

    1) 'nslookup'
    2) 'fs'


    Jeff Carrell

    Friday, July 12, 2013 6:37 PM
  • Hey Jeff,

    were all devices actually, FS, DC,EX

    when i do nslookup and fs, comes back with error and shows my ISP modem ip 192.168.2.254



    C:\Users\user>nslookup
    Default Server:  router.home
    Address:  192.168.2.254

    > fs
    Server:  router.home
    Address:  192.168.2.254

    • Edited by Julien.J Friday, July 12, 2013 6:53 PM adding warning
    Friday, July 12, 2013 6:41 PM
  • Looks like you have mis-configured DNS.

    from ES do:

    1) nslookup
    2) server 192.168.4.2 (which you said earlier was secondary DNS)
    3) fs

    what is result?


    Jeff Carrell

    Friday, July 12, 2013 7:03 PM
  • Dear Jeff,

    when I log on to the FS using ESXI Client, after I do nslookup and I look up FS I get the below,

    once again thank you so much !

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All r

    C:\Users\info>nslookup
    Default Server:  dc.attcomputer.lan
    Address:  192.168.4.2

    > fs
    Server:  dc.attcomputer.lan
    Address:  192.168.4.2

    Name:    fs.ATTComputer.lan
    Address:  192.168.4.4

    >

    I checked my DNS, there is really nothing wrong on it unless I don't see it!

    on lookup zone i have all Host A servers with static IP
    and start of autho (SOA)  which is [389] data dc.attcomputer.lan. , hostmaster.attcomputer.lan

    name server  (NS) ATTComputer.lan

    Zone reverse 4.168.192.in-addr.arpa.dns with all servers PTR and IP addresses which I checked and they are correct, and SOA=Name of Server and NS ATTComputer.lan

    the result of ping from the subnet 192.168.2.0/24

    C:\Users\info.ATTCOMPUTER>ping dc

    Pinging DC [fe80::c5ad:4235:5d9a:2410%12] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for fe80::c5ad:4235:5d9a:2410%12:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Users\info.ATTCOMPUTER>ping fs

    Pinging FS [fe80::85a4:9b1c:4809:c0b6%12] with 32 bytes of data:
    Reply from fe80::85a4:9b1c:4809:c0b6%12: time<1ms
    Reply from fe80::85a4:9b1c:4809:c0b6%12: time<1ms
    Reply from fe80::85a4:9b1c:4809:c0b6%12: time<1ms
    Reply from fe80::85a4:9b1c:4809:c0b6%12: time<1ms

    Ping statistics for fe80::85a4:9b1c:4809:c0b6%12:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    C:\Users\info.ATTCOMPUTER>


    • Edited by Julien.J Friday, July 12, 2013 7:52 PM add ping result
    Friday, July 12, 2013 7:26 PM
  • ?????

    That is not the same results as in your post before...........

    Would you please do the following from ES and post the results (this computer since its not the domain controller/DNS or the file server):
    1) nslookup
    2) server 192.168.4.2
    3) fs
    4) server 192.168.2.254
    5) fs


    Jeff Carrell

    Friday, July 12, 2013 7:50 PM
  • Dear Jeff,

    you meant with ES = computer from the network 192.168.2.0 ? just to add that my DNS is not configured with mx record, is acting just internal DNS!

    if yes this the result


    C:\Users\info.ATTCOMPUTER>nslookup
    Default Server:  router.home
    Address:  192.168.2.254

    > server 192.168.4.2
    Default Server:  [192.168.4.2]
    Address:  192.168.4.2

    > fs
    Server:  [192.168.4.2]
    Address:  192.168.4.2

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to [192.168.4.2] timed-out
    > server 192.168.2.254
    DNS request timed out.
        timeout was 2 seconds.
    Default Server:  [192.168.2.254]
    Address:  192.168.2.254

    > fs
    Server:  [192.168.2.254]
    Address:  192.168.2.254

    *** [192.168.2.254] can't find fs: Non-existent domain
    >


    • Edited by Julien.J Friday, July 12, 2013 8:36 PM mx record
    Friday, July 12, 2013 8:15 PM
  • oops, my bad....

    I meant the test to be run from the ExchangeServer - aka-EX.....

    Run the tests from the computer that is configured with 192.168.4.3 - whatever its name :-)


    Jeff Carrell

    Friday, July 12, 2013 8:34 PM
  • here you go sir ! much appreciate it !


    C:\Users\info>nslookup
    Default Server:  dc.attcomputer.lan
    Address:  192.168.4.2

    > server 192.168.4.2
    Default Server:  dc.attcomputer.lan
    Address:  192.168.4.2

    > fs
    Server:  dc.attcomputer.lan
    Address:  192.168.4.2

    Name:    fs.ATTComputer.lan
    Address:  192.168.4.4

    > server 192.168.2.254
    DNS request timed out.
        timeout was 2 seconds.
    Default Server:  [192.168.2.254]
    Address:  192.168.2.254

    > fs
    Server:  [192.168.2.254]
    Address:  192.168.2.254

    *** [192.168.2.254] can't find fs: Non-existent domain

    Friday, July 12, 2013 8:51 PM
  • Ah, looks as if you may have routing and/or firewall issues.

    Do you have static route entries:
          a) in 192.168.2.254 that indicates how to get to the 192.168.4.0/24 network?
                which is via the Vyatta at 192.168.2.50
          b) in 192.168.4.1  that indicates how to get to the 192.168.2.0/24 network?
                which is via the ISP-Rtr at 192.168.2.254

    That coupled with possible mixed DNS entries, and IPv4 -vs- IPv6 operations in Windows could be some cause of confusion.

    Try these tests:
    1) from a device on 192.168.2.0 (not the ESXi srvr, not the Vyatta, not the ISP rtr) network - laptop on WLAN perhaps:
         a) ping 192.168.4.2
         b) ping DC -4     (or whatever the DNS name for 192.168.4.2 is)
         c) repeat for .3 , EX, .4, FS
    2) from a device on 192.168.4.0 (not Vyatta, not ESXi) - perhaps EX again
         a) ping the laptop's IPv4 address

    Do you have any firewalls enabled on any of the Windows computers (which Win has on by default), if so, pings will fail.

    Do you have any firewall rules on the Vyatta that would block pings going through?

    Your ESXi has only one NIC as 192.168.2.10 -and- therefore you must have the servers and Vyatta as VMs in the 192.168.4.0 network which is a different vSwitch interface -and- the Vyatta has its interfaces: 1 in the vSwitch physical port out, and the other in the local vSwitch (no network port) - true ????


    Jeff Carrell

    Friday, July 12, 2013 9:39 PM
  • Ah, looks as if you may have routing and/or firewall issues.

    Do you have static route entries:
          a) in 192.168.2.254 that indicates how to get to the 192.168.4.0/24 network?
                which is via the Vyatta at 192.168.2.50

    • This is the rule I have created on Vyatta before :
    vyatta@vyatta:~$ configure
    [edit]
    vyatta@vyatta# show protocols
     static {
         route 192.168.2.0/24 {
             next-hop 192.168.4.1 {
             }
         }
     }
    [edit]
    vyatta@vyatta#
            b) in 192.168.4.1  that indicates how to get to the 192.168.2.0/24 network?
                  which is via the ISP-Rtr at 192.168.2.254
    • the vyatta is DMZ configured on my ISP so I can reach my ISP router behind vyatta network

    That coupled with possible mixed DNS entries, and IPv4 -vs- IPv6 operations in Windows could be some cause of confusion.

    Try these tests:
    1) from a device on 192.168.2.0 (not the ESXi srvr, not the Vyatta, not the ISP rtr) network - laptop on WLAN perhaps:
         a) ping 192.168.4.2

    C:\>ping 192.168.4.2
    Pinging 192.168.4.2 with 32 bytes of data
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 192.168.4.2:
     Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

         b) ping DC -4     (or whatever the DNS name for 192.168.4.2 is)
         c) repeat for .3 , EX, .4, FS

    C:\>ping dc -4
    Pinging DC [192.168.4.2] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 192.168.4.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\>ping fs -4

    Pinging FS [192.168.4.4] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 192.168.4.4:

        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


    2) from a device on 192.168.4.0 (not Vyatta, not ESXi) - perhaps EX again
         a) ping the laptop's IPv4 address

    C:\Users\info>ping 192.168.2.111
    Pinging 192.168.2.111 with 32 bytes of data:
    Reply from 192.168.2.111: bytes=32 time=1ms TTL=127
    Reply from 192.168.2.111: bytes=32 time<1ms TTL=127
    Reply from 192.168.2.111: bytes=32 time<1ms TTL=127
    Reply from 192.168.2.111: bytes=32 time<1ms TTL=127
    Ping statistics for 192.168.2.111:

        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 0ms, Maximum = 1ms, Average = 0ms

    C:\Users\info>

    Do you have any firewalls enabled on any of the Windows computers (which Win has on by default), if so, pings will fail.

    Do you have any firewall rules on the Vyatta that would block pings going through?

    Your ESXi has only one NIC as 192.168.2.10 -and- therefore you must have the servers and Vyatta as VMs in the 192.168.4.0 network which is a different vSwitch interface -and- the Vyatta has its interfaces: 1 in the vSwitch physical port out, and the other in the local vSwitch (no network port) - true ????

    My ESXI has one physical NIC which is 192.168.2.10, Vyatta is a VM with two virtual NICs

    This is my network diagram



    • Edited by Julien.J Friday, July 12, 2013 10:01 PM add image
    Friday, July 12, 2013 9:58 PM
  • Dear Jeff,

    i am still waiting for your answer,

    thank you

    Sunday, July 21, 2013 9:35 AM
  • Well, it looks like you have all your networks on the same physical interface (graphic is hard to see).

    At this stage, you should probably do some searching for ESXi configs of multiple networks with "logical" and "physical" interfaces.

    With static routes, you must point how to get to another (or all other) network via the other end connected network address, as I stated before....yours don't seem to do that...

    All the IPv6 traffic/resolves you are seeing is due to the fact that those devices have IPv6 addresses, and IPv6 is preferred when available, at least in newer Windows OS's.

    Also, you might want to post how to get your basic network operational on a VMware/ESXi board.

    hth...Jeff


    Jeff Carrell

    Wednesday, July 24, 2013 3:25 AM
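
Added example (not part of the original thread): a check of a static route against the interfaces of the router that holds it, run on the route posted from the Vyatta and on the route the earlier reply suggests for the ISP router. The function name and the interface name "lan" are hypothetical, and the /24 prefixes are assumed from the 255.255.255.0 masks and "192.168.2.x/24" given in the thread.

```python
import ipaddress


def check_static_route(interfaces, destination, next_hop):
    """Return a list of problems with one static route on one router.

    interfaces: {name: "address/prefix"} for the router that holds the route.
    """
    ifaces = {name: ipaddress.ip_interface(cidr)
              for name, cidr in interfaces.items()}
    dest = ipaddress.ip_network(destination)
    hop = ipaddress.ip_address(next_hop)
    problems = []

    for name, iface in ifaces.items():
        # A connected route already covers this prefix, so the static
        # route adds nothing for it.
        if iface.version == dest.version and dest.subnet_of(iface.network):
            problems.append("%s is already directly connected on %s"
                            % (dest, name))
        # The next hop must be the neighbouring router's address on a
        # shared network, never one of this router's own addresses.
        if hop == iface.ip:
            problems.append("next hop %s is this router's own %s address"
                            % (hop, name))

    # The next hop has to be reachable without routing.
    if not any(iface.version == hop.version and hop in iface.network
               for iface in ifaces.values()):
        problems.append("next hop %s is not on any connected network" % hop)

    return problems


# Interface addresses as given in the thread; /24 prefixes are assumed.
VYATTA = {"eth0": "192.168.2.50/24", "eth1": "192.168.4.1/24"}
ISP_ROUTER = {"lan": "192.168.2.254/24"}  # "lan" is a hypothetical name

if __name__ == "__main__":
    # The route shown in the posted 'show protocols' output.
    for problem in check_static_route(VYATTA, "192.168.2.0/24", "192.168.4.1"):
        print("Vyatta:", problem)
    # The route suggested for the ISP router: 192.168.4.0/24 via the Vyatta.
    print("ISP router:",
          check_static_route(ISP_ROUTER, "192.168.4.0/24", "192.168.2.50")
          or "no problems found")
```
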
  • Thank you Jeff,

    I've managed to fix the issue!

    The problem was my firewall doing the DNS forwarding for me, so it blocks all incoming that are not allowed on the firewall rules,

    I configured my Domain controller as DNS forwarder and it works fine

    Monday, August 26, 2013 2:56 PM