Unable to ping snapshot appliance
search cancel

Unable to ping snapshot appliance

book

Article ID: 401897

calendar_today

Updated On:

Products

VMware vSAN

Issue/Introduction

  • Pinging (ICMP echo) vSAN's vscan snapshot appliance results in timeouts.
  • Many monitoring platforms include ICMP liveness monitoring, but the vscan snapshot appliance does not respond by default.

Environment

8.x

Cause

The default iptables rules do not allow ICMP to the source of your ping request.

Resolution

Add an iptables rule for the endpoint from which you wish to ping using the following commands:

  1. iptables -A INPUT -p icmp --icmp-type echo-request -s <SOURCE> -j ACCEPT
  2. iptables -A OUTPUT -p icmp --icmp-type echo-reply -d <SOURCE> -j ACCEPT
  3. Repeat steps 1 and 2 for each required source endpoint
  4. iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
  5. iptables-save > /etc/systemd/scripts/ip4save 
Powered by Wolken Software