Ping works only one-way to host in VM virtualbox

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved
I am running EXOS VM's in Oracle VirtualBox.

I have a topology in this order: host1-sw1-sw2-host2.

I can ping from host2 to host1, but when I try to ping host1 to host2 the ping fails. I can't ping host2 from sw2 either. Here is snapshot of host1 and sw1:



Here is a snapshot of sw2 and host2:



Switch 1 and 2 are connected through OSPF.
What is the correct way to connect hosts in virtualized network?

I know there is no route to host from 192.168.11.3, but it still reaches 192.168.12.0/24 network, shouldn't it reach to the host also?

Thanks

- Petteri
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Drew C.

Drew C., Community Manager

  • 37,308 Points 20k badge 2x thumb
Hi Petteri,
At first glance, I noticed in your config that ports 1 and 2 on each switch were deleted from VR VR-Default.  They'll need to be added to a virtual router for all of the interfaces to work properly.
Try this:  configure vr vr-default add ports 1-2

I may be missing something else, but I wanted to get a response out to you before my next meeting :)

-Drew
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
Hi Drew

Thanks for the quick reply. All ports are assigned to virtual-router named "vrtesti", so disabling default VR was intentional. :)

- Petteri
Photo of Drew C.

Drew C., Community Manager

  • 37,062 Points 20k badge 2x thumb
I completely missed the add line just below it.  I guess that's what I get for giving it a quick glance instead of studying :)
Maybe someone else will have a better idea.

If you can post your OSPF config (and any other relevant config pieces), I can get one of our lab interns to test it out.

-Drew
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
Sure, here they are:

Switch1:
virtual-router vrtesti
configure ospf routerid 1.1.1.1
enable ospf
configure ospf add vlan switch1 area 0.0.0.0 link-type point-to-point
virtual-router VR-Default

Switch2:
virtual-router vrtesticonfigure ospf routerid 2.2.2.2
enable ospf
configure ospf restart planned
configure ospf add vlan switch2 area 0.0.0.0 link-type point-to-point
configure ospf add vlan switch2host area 0.0.0.0 link-type point-to-point
virtual-router VR-Default

And here is output from show ospf area 0.0.0.0 from sw2:

Area: 0.0.0.0 Type: Normal
Router Id: 2.2.2.2
Spf Runs: 13 Num ABR: 0 Num ASBR: 0 Num LSA: 2 LSA Chksum:0x8c54
Interfaces:
   IP addr          Ospf  State     DR IP addr      BDR IP addr
192.168.11.3   /24   E    P2P       0.0.0.0         0.0.0.0
192.168.12.1   /24   E    P2P       0.0.0.0         0.0.0.0
Inter-Area route Filter:
External route Filter:
Configured Address Ranges:

IP addressing for hosts and configs can be seen from the snapshot.

Thanks!
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Petteri,

There must be some typo somewhere.

I've just fired 4 EXOS-VMs (SW0 and SW3 acting as your host PCs) and everything is working OK.

Here are the configs:

Switch0 (acting as PC 192.168.11.7)

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-7
configure vr VR-Default add ports 1-7
configure vlan default delete ports 2-7
configure vlan Default add ports 1 untagged 
configure vlan Default ipaddress 192.168.11.7 255.255.255.0
configure vlan Mgmt ipaddress 172.16.56.11 255.255.255.0

#
# Module rtmgr configuration.
#
configure iproute add default 192.168.11.2

Switch1

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-7
configure vr VR-Default add ports 3-7
create vr "vrtesti"
configure vr vrtesti add ports 1-2
configure vlan default delete ports 1-7
create vlan "switch1" vr vrtesti
configure vlan switch1 tag 5
configure vlan switch1 add ports 2 tagged 
configure vlan switch1 add ports 1 untagged 
configure vlan Mgmt ipaddress 172.16.56.12 255.255.255.0
configure vlan switch1 ipaddress 192.168.11.2 255.255.255.0
enable ipforwarding vlan switch1
configure vr vrtesti add protocol ospf


#
# Module ospf configuration on virtual router vrtesti.
#
virtual-router vrtesti
configure ospf routerid 1.1.1.1
enable ospf
configure ospf add vlan switch1 area 0.0.0.0 link-type point-to-point
virtual-router VR-Default

Switch2

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-7
configure vr VR-Default add ports 3-7
create vr "vrtesti"
configure vr vrtesti add ports 1-2
configure vlan default delete ports 1-7
create vlan "switch2" vr vrtesti
configure vlan switch2 tag 5
create vlan "switch2hosti" vr vrtesti
configure vlan switch2 add ports 1 tagged 
configure vlan switch2hosti add ports 2 untagged 
configure vlan Mgmt ipaddress 172.16.56.13 255.255.255.0
configure vlan switch2 ipaddress 192.168.11.3 255.255.255.0
enable ipforwarding vlan switch2
configure vlan switch2hosti ipaddress 192.168.12.1 255.255.255.0
enable ipforwarding vlan switch2hosti
configure vr vrtesti add protocol ospf

#
# Module ospf configuration on virtual router vrtesti.
#
virtual-router vrtesti
configure ospf routerid 2.2.2.2
enable ospf
configure ospf add vlan switch2 area 0.0.0.0 link-type point-to-point
configure ospf add vlan switch2hosti area 0.0.0.0 link-type point-to-point
virtual-router VR-Default



Switch3 (acting as PC 192.168.12.9)
*
#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-7
configure vr VR-Default add ports 1-7
configure vlan Default add ports 1-7 untagged 
configure vlan Default ipaddress 192.168.12.9 255.255.255.0
configure vlan Mgmt ipaddress 172.16.56.14 255.255.255.0

Switch1 OSPF & Routes info

* (vr vrtesti) lab9.sw1.3 # sh ospf

OSPF                : Enabled          MPLS LSP as Next-Hop: No
RouterId            : 1.1.1.1          RouterId Selection  : Configured
ASBR                : No               ABR                 : No
ExtLSA              : 0                ExtLSAChecksum      : 0x0  
OriginateNewLSA     : 5                ReceivedNewLSA      : 6        
SpfHoldTime         : 3                Lsa Batch Interval  : 30s
CapabilityOpaqueLSA : Enabled
10M Cost            : 10               100M Cost           : 5
1000M Cost (1G)     : 4                10000M Cost (10G)   : 2
40000M Cost (40G)   : 2                                       
100000M Cost (100G) : 1                                       
Router Alert        : Disabled         Import Policy File  :
ASExternal LSALimit : Disabled         Timeout (Count)     : Disabled (0)
Originate Default   : Disabled
SNMP Traps          : Disabled
Redistribute:
Protocol              Status   cost  Type Tag        Policy
direct                Disabled 0     0    0          None
static                Disabled 0     0    0          None
rip                   Disabled 0     0    0          None
e-bgp                 Disabled 0     0    0          None
i-bgp                 Disabled 0     0    0          None
isis-level-1          Disabled 0     0    0          None
isis-level-2          Disabled 0     0    0          None
isis-level-1-external Disabled 0     0    0          None
isis-level-2-external Disabled 0     0    0          None
* (vr vrtesti) lab9.sw1.4 # sh ospf neighbor
Neighbor ID     Pri State              Up/Dead Time             Address         Interface
          BFD Session State
==========================================================================================
2.2.2.2           1 FULL      /DROTHER 00:00:55:34/00:00:00:04  192.168.11.3    switch1  
          None             

Total number of neighbors: 1 (All neighbors in Full state)

* (vr vrtesti) lab9.sw1.5 # sh iproute
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
#d   192.168.11.0/24    192.168.11.2    1    U------um--f- switch1    0d:1h:45m:17s
#oa  192.168.12.0/24    192.168.11.3    10   UG-D---um--f- switch1    0d:0h:56m:8s

       (mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2,
       (oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM,
       (r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown,
       (*) Preferred unicast route (@) Preferred multicast route,
       (#) Preferred unicast and multicast route.

Flags: (b) BFD protection requested, (B) BlackHole, (c) Compressed, (D) Dynamic,
       (f) Provided to FIB, (G) Gateway, (H) Host Route, (l) Calculated LDP LSP,
       (L) Matching LDP LSP, (m) Multicast, (p) BFD protection active, (P) LPM-routing,
       (R) Modified, (s) Static LSP, (S) Static, (t) Calculated RSVP-TE LSP,
       (T) Matching RSVP-TE LSP, (u) Unicast, (U) Up, (3) L3VPN Route.

MPLS Label: (S) Bottom of Label Stack
Mask distribution:
     2 routes at length 24

Route Origin distribution:
     1 routes from Direct               1 routes from OSPFIntra


Total number of routes = 2
Total number of compressed routes = 0

* (vr vrtesti) lab9.sw1.6 #

Switch2 OSPF & Routes info
* (vr vrtesti) lab9.sw2.4 # show ospf

OSPF : Enabled MPLS LSP as Next-Hop: No
RouterId : 2.2.2.2 RouterId Selection : Configured
ASBR : No ABR : No
ExtLSA : 0 ExtLSAChecksum : 0x0
OriginateNewLSA : 6 ReceivedNewLSA : 5
SpfHoldTime : 3 Lsa Batch Interval : 30s
CapabilityOpaqueLSA : Enabled
10M Cost : 10 100M Cost : 5
1000M Cost (1G) : 4 10000M Cost (10G) : 2
40000M Cost (40G) : 2
100000M Cost (100G) : 1
Router Alert : Disabled Import Policy File :
ASExternal LSALimit : Disabled Timeout (Count) : Disabled (0)
Originate Default : Disabled
SNMP Traps : Disabled
Redistribute:
Protocol Status cost Type Tag Policy
direct Disabled 0 0 0 None
static Disabled 0 0 0 None
rip Disabled 0 0 0 None
e-bgp Disabled 0 0 0 None
i-bgp Disabled 0 0 0 None
isis-level-1 Disabled 0 0 0 None
isis-level-2 Disabled 0 0 0 None
isis-level-1-external Disabled 0 0 0 None
isis-level-2-external Disabled 0 0 0 None
* (vr vrtesti) lab9.sw2.5 # show ospf neighbor
Neighbor ID Pri State Up/Dead Time Address Interface
BFD Session State
==========================================================================================
1.1.1.1 1 FULL /DROTHER 00:00:59:40/00:00:00:04 192.168.11.2 switch2
None

Total number of neighbors: 1 (All neighbors in Full state)

* (vr vrtesti) lab9.sw2.6 # show iproute
Ori Destination Gateway Mtr Flags VLAN Duration
#d 192.168.11.0/24 192.168.11.3 1 U------um--f- switch2 0d:1h:45m:34s
#d 192.168.12.0/24 192.168.12.1 1 U------um--f- switch2hosti 0d:1h:33m:30s

(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2,
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM,
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown,
(*) Preferred unicast route (@) Preferred multicast route,
(#) Preferred unicast and multicast route.

Flags: (b) BFD protection requested, (B) BlackHole, (c) Compressed, (D) Dynamic,
(f) Provided to FIB, (G) Gateway, (H) Host Route, (l) Calculated LDP LSP,
(L) Matching LDP LSP, (m) Multicast, (p) BFD protection active, (P) LPM-routing,
(R) Modified, (s) Static LSP, (S) Static, (t) Calculated RSVP-TE LSP,
(T) Matching RSVP-TE LSP, (u) Unicast, (U) Up, (3) L3VPN Route.

MPLS Label: (S) Bottom of Label Stack
Mask distribution:
2 routes at length 24

Route Origin distribution:
2 routes from Direct

Total number of routes = 2
Total number of compressed routes = 0

* (vr vrtesti) lab9.sw2.7 #

Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
They are VM's
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Do you know that you can capture traffic inside VirtualBox?

You can configure what VB calls network tracing with the following command:
vboxmanage modifyvm <vm-name> --nictraceX on --nictracefileX <filename>.pcap

To disable it use:
vboxmanage modifyvm <vm-name> --nictraceX off

That way you can check what's going on at different places in your network...

Can you also post the vboxmanage showvminfo of your Windows PCs?
(Edited)
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
OK, I got it. It was windows firewall in the VM :)

I totally forgot that they have integrated firewall's since I have used F-Secure for ages.

Now the windows machines can communicate.

Actually I was not aware that it is possible to capture traffic in virtualbox, that is very handy indeed!
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Good to know things are working ok now.

This is great troubleshooting practice! THat's why I love these little things.
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
Indeed! Thanks, you were very helpful :)
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,492 Points 10k badge 2x thumb
if you can ping host1 to host2, and not vice-versa, the issue must be in some typo (wrong addressing somewhere in between so you're not actually pinging host2, but something else) or wrong link configuration on VB.
Photo of Drew C.

Drew C., Community Manager

  • 37,308 Points 20k badge 2x thumb
I should also ask if the Windows firewall is causing your woes.  Have you checked to make sure it is either off or is allowing ICMP/Ping?
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
I have exclusively added a rule to accept ICMP-requests to both directions. I also tried to ping without firewall.
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
And I was talking about host machine's firewall, I now realized you were talking about windows firewall inside VM. You were totally right!

Damn I feel stupid.
Photo of Drew C.

Drew C., Community Manager

  • 37,308 Points 20k badge 2x thumb
Don't feel stupid, I'm just glad it works now :)
In our labs, we use a lot of virtualization for customer issue replications and I see it often.
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
OKAY I must've have a typo somewhere, because now the hosts can actually reach each other when I use switches as hosts.

But some reason windows-hosts cannot. There must be problem with the windows then!
(Edited)
Photo of Petteri Oksanen

Petteri Oksanen

  • 380 Points 250 badge 2x thumb
It was windows firewall in the VM! Now everything works!
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Petteri,

Since you are doing complex labs, you may be interested in using all 8 adapters available in the EXOS VM.

Only the first 4 adapters can be managed throgh the GUI. The remaining 4 adapters (corresponding to ports 4 to 7 in the switch) must be configured using vboxmanage.

Here's the list of commands needed to enable and configure these adapters:
  • vboxmanage modifyvm <vm-name> --nicX bridged | intnet
    (to definer adapter X as Bridged or Internal Network)
  • vboxmanage modifyvm <vm-name> --intnetX <name>
    (to define the name of the internal network connected to adapter X)
  • vboxmanage modifyvm <vm-name> --nictypeX Am79C973
    (to define the adapter’s nic type as PCnet-FAST III)
  • vboxmanage modifyvm <vm-name> --nicpromiscX allow-all
    (to configure adapter X promiscuous mode)
  • vboxmanage modifyvm <vm-name> --cableconnectedX on |off
    (to configure adapter X cable connected status)
  • vboxmanage modifyvm <vm-name> --macaddressX <mac>
    (to configure adapter X MAC address)
So, if you want to configure Adapter 5 of a VM named sw1 so that it connects to link15 the commands would be:
vboxmanage modifyvm sw1 --nic5 intnet
vboxmanage modifyvm sw1 --intnet5 link15
vboxmanage modifyvm sw1 --nictype5 Am79C973
vboxmanage modifyvm sw1 --nicpromisc5 allow-all
vboxmanage modifyvm sw1 --cableconnected5 on
vboxmanage modifyvm sw1 --macaddress5 00:11:22:33:44:55:66

Additional adapters configured through the CLI will appear in the GUI, but you will not be able to configure them or view detailed information.



To get detailed information about these adapters you'll need to use

vboxmanage showvminfo <vm-name>

Vboxmanage is very useful if you plan to write scripts to automate tasks...