Troubleshooting virtual machine default gateway connection issues
Article ID: 307777
Updated On:
Products
Issue/Introduction
Note: If connection to the default gateway is successful, but connections to other subnets are unsuccessful, then there is an issue in routing/Layer 3. VMware recommends to contact your network team to determine why the Layer 3 connections are failing.
Symptoms:
- The default gateway connection fails.
- Cannot connect to anything outside of the subnet.
- You experience connectivity issues.
Environment
VMware vSphere ESXi 7.0.x
VMware vCenter Server 7.0.x
VMware vCenter Server 6.7.x
VMware vSphere ESXi 6.7.x
VMware vSphere ESXi 8.0.x
VMware vCenter Server 8.0.x
Resolution
To troubleshoot this issue
Compare the virtual machine with the issue to other virtual machines in the same port group/subnet.- If all VMs in the same subnet and on the same host have an issue reaching the default gateway, check the VLAN configuration on the port group and ask your network team to also check the VLAN configuration on the physical switch. For more information, see VLAN configuration on virtual switches, physical switches and virtual machines (311764) .
- If only a few VMs have a gateway connectivity issue, open an SSH session to the host and run esxtop then n (for networking) to verify which vmnics the VMs are using.
- If the working VMs are on one vmnic and the non-working VMs are on a different vmnic, then there is a misconfiguration on the non-working vmnic. Have your network team check the VLAN configuration for both vmnics on the physical switch.
- If the VMs are using the same vmnic, yet one can ping the gateway and the other cannot ping the gateway, check Troubleshooting virtual machine network connection issues (324542) for more troubleshooting.
- If the working VMs are on one vmnic and the non-working VMs are on a different vmnic, then there is a misconfiguration on the non-working vmnic. Have your network team check the VLAN configuration for both vmnics on the physical switch.
Note: Validate network connectivity by performing ping tests between VMs on the same host and VLAN. Successful pings confirm that the vSwitch or DVS is effectively forwarding packets and that there are no issues at the hypervisor or ESXi layer.
To verify Default Gateway connectivity
- Use the ipconfig command to determine and verify your computer's IP address and subnet mask. For more information, see Verifying virtual machine TCP/IP settings (344317) .
- Test pings to the default gateway using the command:
Ping 10.10.10.1
The output looks similar to:
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=2ms TTL=255
Reply from 10.10.10.1: bytes=32 time<1ms TTL=255 <br>Reply from 10.10.10.1: bytes=32 time<1ms TTL=255 <br>Reply from 10.10.10.1: bytes=32 time<1ms TTL=255<br>
Ping statistics for 10.10.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 0ms
Note: If you do not know the correct IP address for your default gateway, contact your network administrator.
- If there is more then one hop between the host and the gateway, run the Trace Route (tracert) command to see at which hop the ping fails to reply:
tracert 10.10.10.1
The output looks similar to:
Tracing route to 10.10.10.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.10.10.1<br>Trace complete
Additional Information
The default gateway is an entry point and an exit point in a virtual machine sub-net, VLAN, or network.
In general, a gateway is a routing device that knows how to pass traffic between different subnets and networks.
Layer 2 and layer 3 switches with VLAN configuration allows IP assignment to each VLAN that will be used as default gateway as for that particular VLAN. A router contains routes for other subnets.
For more troubleshooting information, see:
- Loss of network connectivity when Cisco port security is configured on the physical switch
- VLAN configuration on virtual switches, physical switches, and virtual machines
- Verifying virtual machine TCP/IP settings
- Troubleshooting virtual machine default gateway connection issues
- Troubleshooting network connection issues caused by firewall configuration
- Resolving virtual machine IP address conflict issues
- Troubleshooting network connectivity issues using Address Resolution Protocol (ARP)
- Troubleshooting virtual machine TCP/IP issues by pinging the loopback address
- Collecting diagnostic information for VMware products
- Troubleshooting VMware vSphere ESXi Virtual Machine TCP/IP ping connection issues (324495)
- Troubleshooting virtual machine network connection issues (324542)
------------------------------------------------------------------------------------------------------------------------------------------------------
Scenario: Unable to connect to a specific IP and encountering an unidentified network adapter.
If a virtual machine has two network adapters, it's essential to confirm how routing is handled for Layer 3 connectivity from the virtual machine.
When a specific network adapter is designated for external connectivity, and there is no Layer 3 communication occurring on the secondary adapter, we need to ensure that no gateway is configured on the secondary NIC. This configuration allows the secondary NIC to use the primary NIC's route for external connectivity.
If a gateway is assigned to the secondary NIC and there is no route available through that gateway, the secondary network will appear as unidentified and will be unable to communicate with Layer 3 devices. In this scenario, the gateway on the secondary adapter should be removed.
-----------------------------------------------------------------------------------------------------------------------------------------------------
Feedback
