Reputation: 457
Unable to ping VM in a different subnet residing in the same VPC
I have a VPC.
Within that VPC, I have subnetA with a CIDR range of 10.238.232.0/27. In the same VPC I have another subnetB with a CIDR range 192.168.10.0/28.
vmA is deployed in subnetA and vmB is deployed in subnetB
vmA IP --> 10.238.232.9/32
vmB IP --> 192.168.10.2/32
When I ping vmB from vmA, the only response I have is
# ping 192.168.10.2
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
Since Im logged into vmB via console, below are the messages I see on cosole
[95544.705578] IPv4: martian source 192.168.10.2 from 10.238.232.9, on dev ens5
[95544.712774] ll header: 00000000: 42 01 c0 a8 0a 02 42 01 c0 a8 0a 01 08 00 B.....B.......
Oct 16 20:29:07 vmB kernel: [95544.705578] IPv4: martian source 192.168.10.2 from 10.238.232.9, on dev ens5
Oct 16 20:29:07 vmB kernel: [95544.712774] ll header: 00000000: 42 01 c0 a8 0a 02 42 01 c0 a8 0a 01 08 00 B.....B.......
To troubleshoot, I allowed ALL traffic both ingress and egress for the VPC. I still cannot ping cross subnets.
Pinging VMs within subnets works perfectly fine.
Since I have also allowed all traffic using FW rules, why am I not able to ping the VMs cross subnet ?
Upvotes: 0
Views: 2097
Answers (1)
Reputation: 101
In the default VPC there are some pre-polutated firewall rules that allow internal communication between subnets, since it seems like you are using a custom VPC you need to manually create your firewall rules as needed, but since you created a permissive firewall rule (allow Ingress/Egress for all instances from ranges 0.0.0.0/0) it should be enough.
To discard/confirm any issue within your VPC you can take advantage of "Connectivity Tests" to simulate traffic between your instances and the output will give you an insight about the issue, the test result is either PASS or FAIL, in both cases you will see this flow considering many networking components (firewall rules, routes, peerings, hybrid connectivity, etc), if there is something missing in your GCP configuration you will notice it, on the other hand, if the test result is PASS then most likely the issue resides within your VM configurations, a good option would be to run a packet capture and see if packets are actually arriving your VMs and being discarded, for example, install tcpdump and run the following command in vmB (modify it as needed):
tcpdump -i ens5 src 10.238.232.9 icmp
If packets are being discarded check your iptables and network configuration, as suggested in the comments the output of commands iptables -L and ip route could be useful.
Upvotes: 1
Related Questions
- <AWS VPC> Unable to ping private subnet instance from a public subnet instance
- how to communicate 2 instances inside the same VPC but different subnets (regions) using internal IP
- why can't I ping the external IP address of my Google Compute Engine instance?
- Public IPv4 communication within VPC in GCP
- Linux VM instance as a Gateway between two different subnets
- Cannot Ping Another Google Compute VM created with Terraform
- Gcloud instance can't ping another one
- Container in GKE can't ping compute instance on the same network
- Google Cloud VM additional IP adress same subnet
- Not able to ping gateway in GCE new VM Instance