VMs cannot access internet

    Question

  • Hello Guys,

    I have set up an SCVMM 2016 deployment with 2 nodes and successfully deployed NCs, SLBs and GWs according to the scripts made available by Microsoft.

    Also the required logical networks are in place:

    MGT: 10.7.100.0/24 (logical switch controlled by NC)

    HNV: 10.8.110.0/24 (part of uplink for MGT)

    Transit: 10.8.125.0/24 (part of uplink for MGT)

    Public and private networks (do they need to be in the uplink profile?), which are advertised via BGP because I have set up outgoing NAT on a VM network, and some additional networks.

    Both hosts have virtual adapters for mgt and the additional networks.

    The SLBs have adapters for mgt, transit and hnv, and the GWs for mgt and transit.

    I have set up a VM network in the HNV network and created a VM.

    The problem I have had for two weeks now is that I cannot reach the internet from the VM. If I ping 8.8.8.8 and trace the traffic with Wireshark, I see the traffic leaving the VM, translated to the HNV IP of the host, and that is routed via my physical router (why not the SLB?) to Google. Google is replying and the traffic gets back the same way to the host's HNV address, and then it's dead. The host replies with a Protocol Unreachable. So it looks like the traffic is not getting translated to the VM. Also, I think the traffic is not following the correct path to Google.

    I have tried a lot, but I'm out of ideas now. Can anybody help me?

    Friday, June 22, 2018 1:46 PM

All replies

  • Hello,

    I hope the following info is helpful to you.

    You can learn more about planning SDN infrastructure by referring to the following article.

    https://docs.microsoft.com/en-us/windows-server/networking/sdn/plan/plan-a-software-defined-network-infrastructure

    Best regards,
    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 25, 2018 3:25 AM
  • Hi Andy,

    I can reach the management (=physical), hnv provider and transit networks from the physical network.

    The VIPs are advertised by the BGP router together with the next hops, which are the transit IP addresses of the SLBs.

    I cannot reach the VIPs from the physical network. I have defined the networks on my router now, so I can reach the router IP address of the VIP networks. I have tried selecting the networks in the uplink profile and also deselecting them, but it makes no difference.

    Firewalls are switched on at all SLBs; should it matter if I turn them off for testing?

    Any idea what I'm doing wrong?

    Monday, June 25, 2018 10:14 AM