Host with default gateway as itself

networking vmware-esxi vmware-vcenter

I am facing a peculiar problem. Earlier we had 4 network segments in our production setup, say segments A, B, C and D. A, B and C are able to communicate with each other, the corporate LAN and the internet. Segment D is a completely isolated segment and purely used for backup and management. So a host Z only on segment D was not able to access any of the other segments.

We recently introduced a VMware vSphere 5.1 setup in our production environment. We have created a distributed switch in vCenter. The distributed switch has uplinks from all the 4 network segments. We have created a separate port group for each segment as well.

Now the problem is that the host D is now able to communicate with other segments, but only those in the VMware setup, i.e. hosts attached to the distributed switch. Physical machines in other segments are still not accessible by machine Z.

Now this is my analysis of the problem.

  1. Checking the host Z, I found that the default gateway was set as host Z itself.
  2. A vSphere distributed switch behaves like an L2 switch, and port groups are just a group of ports and do not mark any isolation between them.
  3. Since the default gateway is maintained, there is a path in the host Z routing table for all other segments, i.e. the packets reach the D segment switch [point 1]. The switch is then sending these packets through the uplinks to the vSphere distributed switch; keeping point 2 in mind, the packets reach the destination host.

Point 3 is where I am confused [specifically, the part which is bolded], maybe due to my limited knowledge of the networking side. Since for machine Z the gateway is itself, any packet sent for other segments should return to itself...? Or, I know that there is something called the spanning tree protocol, which prevents looping in the network. Is this coming into play? How is the packet reaching my distributed switch?

Please correct me if any of the points are wrong and many thanks in advance.

Best Answer

At last I got the answer to my question. It was due to how Linux implements the TCP/IP stack. By default it uses the weak host model [http://en.wikipedia.org/wiki/Host_model]. The remote host's network adapter which was connected to the private network was responding to requests on the IP of the other adapter due to this.

The host Z was always accessing the private network D only. As mentioned by Sean, since the default gateway of Z was set to itself, it would try to send packets directly to any other host, which supported the behaviour.
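
On Linux, whether an adapter answers ARP for an IP configured on a different adapter (the behaviour the answer describes) is controlled by the `arp_ignore` sysctl, with `arp_announce` and `rp_filter` as related settings. The following audit script is an added example, not part of the original post; the function names and the `CONF_ROOT` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the effective ARP / reverse-path sysctls per interface.
# CONF_ROOT is overridable (assumption) so the check can run on a copied tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Read one setting; a missing file is treated as 0, the kernel default.
read_conf() {
    if [ -r "$CONF_ROOT/$1/$2" ]; then cat "$CONF_ROOT/$1/$2"; else echo 0; fi
}

# For these three settings the kernel uses max(conf/all/X, conf/<iface>/X).
effective() {
    a=$(read_conf all "$2")
    i=$(read_conf "$1" "$2")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# Print one line per interface. Returns 1 if any interface still has
# arp_ignore=0, i.e. it replies to ARP requests for any local address,
# including addresses configured on another adapter.
audit_weak_host() {
    rc=0
    for dir in "$CONF_ROOT"/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default|lo) continue ;; esac
        ign=$(effective "$iface" arp_ignore)
        ann=$(effective "$iface" arp_announce)
        rpf=$(effective "$iface" rp_filter)
        if [ "$ign" -eq 0 ]; then state=WEAK; rc=1; else state=ok; fi
        echo "$iface arp_ignore=$ign arp_announce=$ann rp_filter=$rpf $state"
    done
    return $rc
}
```

Call `audit_weak_host` on a multi-homed host; an interface reported as `WEAK` can be restricted with `arp_ignore=1`, which limits ARP replies to addresses configured on the receiving interface. These settings narrow the ARP side only and do not turn Linux into a full strong host implementation.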