Comware

Hello,

We have three servers connected to a HPE 5130-24G-4SFP+ EI switch. Each server is on a different vLAN - all the vLANs are configured as access ports. We have created three vLAN interfaces for each vLAN, with it's own IP adresses.

When we try to establish a ping from a server on one vLAN to a server on another vLAN, the ping communication fails with message - "Destination host unreachable".

--> Ping communications from the switch to all the vLAN interfaces is successful.

--> Ping communications from the switch to all the three servers is successful.

--> Ping communication from a server to solely it's respective vLAN interface is successful. 

--> Ping communication from a server to another vLAN interface fails. 

Any ideas if there is something that I might have missed in my configuration? 

Hello!

I would check default gateway setting on your servers. It must be set to respective Vlan-interface on the 5130

Hi,

Thanks for your response. I forgot to mention this in my query, the gateways I have set on the servers are their respective vLAN interface IP addresses. Somehow, still cannot get the two devices across different vLANs to communicate.

Hello!

That is very strange indeed, but still all the symptoms points us to a hypothesys that traffic to outside subnets is not routed by the servers to VLAN-interfaces, as unlike many other vendors, IP routing is enabled in all Comware products by default, so there should be nothing that stops it.

Could you check the following:

1. Enable IP TTL expired and IP Unreachable ICMP messages in the switch:

system-view
ip ttl-expires enabled
ip unreachables enabled
return

2. run traceroute from a host in one VLAN to a host in other VLAN

3. run 'ipconfig /all',  'arp -a' and 'route print' on both hosts (valid for Windows hosts, if you use other OS, collect IP information of all network interfaces, routing table and ARP cache)

4. From the 5130 ping both servers using different source VLAN interface, for example if you have two VLANs - 10 and 20, with ip addresses assigned 10.0.10.1/24 and 10.0.20.1/24 respectively, and your servers in each VLAN are 10.0.10.100/24 and 10.0.20.100/24 (for example) run two pairs of ping commands:

a. ping servers using source IP of their VLAN interface:
ping 10.0.10.100
ping 10.0.20.100

b. ping servers using other VLAN as a source:
ping -a 10.0.20.1 10.0.10.100
ping -a 10.0.10.1 10.0.20.100

If you will run a Wireshark on each host at that time, it will greatly help us as we will see if ICMP echos are reaching the servers and if servers reply at all, and if they do - what is the destination MAC address of these replies - it should be equal to 5130's VLAN interface MAC (can be checked by 'display interface <Vlan-interface> | i hardware')

5. Generate 'display diag' after all tests above.

Then share the information collected on Steps 2-5 with me - console outputs, Wiresharek traces, diag from the 5130, hopefully together we'll find the root cause.

Hello,

Yes, this is the reason I'm confused on how to resolve the issue since this comware switch has routing enabled by default once the vLAN interface is up and running. I have collected all the logs that you had requested. Unfortunately, I'm unable to upload them, I have compressed them into a single zip file. I don't seem to have an option to upload the file(s). Could you please guide me on a way to upload them, I'm afraid there are too much information to paste in the message area.  

Cheers.

Hello!

I have sent you a PM with FTP dropbox details. 

Thank you!

Hello,

Thank you for the PM and providing the FTP link. I have copied the log files to the FTP link. Hopefully, the logs might tell where the problem resides. 

Cheers.

Hello!

Thank you for providing the data!

After checking the 'ping -a' commands output it became obvious that the host in VLAN 20 with IP address 10.25.6.1 is the issue:

[HPE]ping -a 10.24.44.1 10.25.6.1
Ping 10.25.6.1 (10.25.6.1) from 10.24.44.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

Since the same host is pingable from VLAN 20, but not from VLAN 40 everything points us to my initial guess - default gateway setting. The fact other host in VLAN 40 can be pinged from VLAN 20 IP address on the switch only confirms that guess.

If we check the 'ipconfig /all' output from that host we immediately see the issue:

Default Gateway . . . . . . . . . : 0.0.0.0
10.25.6.254

That host has two default gateway and the first one is the host itself, which is totally wrong.

'route print' output confirms this:

===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.25.6.1 Default <<<<<<<< ISSUE!!!
0.0.0.0 0.0.0.0 10.25.6.254 Default
===========================================================================

Wireshark trace also shows us that ICMP echos arrive on the host, but it doesn't send out ICMP echo replies back. ARP is the most interesting part, check following packets:

#1834 - incoming ICMP echo from 10.24.44.1
#1835 - PC sends out ARP request for 10.24.44.1 <<<<<< !!!!! Totally wrong behavior

I hope it is clear now what is going on here - that default route on the host that points to itself as default gateway is the root cause. 

Hope it helps!

Thanks a lot for your help! Seems the 0.0.0.0 gateway setting doesn't get replaced after I add a new gateway address. I had to do a "route delete 0.0.0.0" to remove the entry.  Worked like a charm, now my hosts can communicate with each other.

Thanks again! Cheers!