vCMP Host and Guest Communication
Hi All,
I'm having some difficulty with some pre-testing that I'm doing for a vCMP Host - Guest design and hoping somebody here could steer me in the right direction.
Basically, the deployment is very restrictive in terms of isolation, so for each environment (UAT/PPD/PRD) we have presentation, abstraction and database networks.
Due to the restrictive nature of the deployment where each environment network needs to be firewalled off (L3 gateway for each subnet is the firewall), the only way I have found to achieve the isolation restrictions is to create 3 x RDs per administration partition referencing each environment and defining a unique RD default gateway for each subnet for each environment.
What I'm wanting to do is some pre-testing to verify my configuration by creating a self IP on the vCMP host in each VLAN for each environment and verify that the strict isolation requirements are working and that I can ping from a specific RD on the guest to an IP address in a different network on the vCMP host.
I can ping from the vCMP guest to each of the self IP addresses defined on the vCMP host, confirming that the VLANs are presented between vCMP host and guest.
The problem is that I never get an echo reply back from the vCMP host when trying to ping outside of the local route domain subnet.
An example:
- UAT Presentation network is 192.168.8.0/24, can ping 192.168.8.1 on vCMP host (VLAN 180) (self IP 8.252, floating IP 8.254). I can ping from host to vADC and vADC to host ok. (route domain 8)
- UAT Abstraction network is 192.168.9.0/24, can ping 192.168.9.1 on vCMP host (VLAN 190) (self IP 9.252, floating IP 9.254). I can ping from host to vADC and vADC to host ok. (route domain 9)
What fails is pinging from route domain 8 to the vCMP host IP 192.168.9.1. If I tcpdump on the vCMP host, I see the echo request come in on the Presentation network interface on the vCMP host but never get an echo reply.
Update: I'm guessing, but I think my issue is that I'm trying to route through a self IP/floating IP. The only way this would work is if I had a forwarding VIP set up in the appropriate zones and that IP address was used as next hop, right? I don't think this could work as vCMP host is dedicated to vCMP only and isn't running LTM. Therefore I cannot define a forward VIP and this testing is flawed. Can somebody please verify that my comment is correct?
Would be hugely appreciated.
Cheers, Andy.