Off topic…

I don’t plan on doing many off topic posts, but I’ll make an exception for this.

I’m getting married tomorrow!

It’s not going to be a huge, lavish event, in fact we’ve been pretty slack about organising it! But it’s about us, our love for each other, and sharing the event with those we care about – the important things. Oh, and we’ve both been married before, and would rather have a new kitchen than a £20k wedding 😀

Anyway, consequently I won’t be posting much over the next few weeks, but I hope everyone has a fab summer, and normal service (with boring tech postings) will resume in a few weeks.



Testing network connectivity from ESXi

Like most people, I’ve always used the “telnet” utility for testing whether a server/tcp port is accessible, when maybe a more complex application is barfing about it.

Of course there have been plenty of attempts to remove it from OSes, the usual reason being “telnet is an insecure protocol, you shouldn’t be using it”
Well… yes it’s an insecure protocol, but no-one in their right mind has been using telnet to log in to systems for many, many years!

Since SSH became prevalent, telnet has only been used for testing whether an IP address / TCP port combination is accessible. You get a number of different responses depending on the connectivity:

  • Immediate connection (and maybe some junk on the screen)
  • Immediate fail – connection is being Rejected – the server (or sometimes a firewall en-route) is forcibly blocking the connection
  • Timeout after a minute or so – connection is either being discarded by a firewall, or there is no route to the server

These 3 different responses are obviously helpful in your troubleshooting. You may be able to infer these different states by monitoring the connection table on the source, for states such as SYN_SENT or ESTABLISHED, but it’s a lot harder that way.

Anyway, enough of history, on ESXi there is no “telnet” utility. Boo! There is however, “nc”. I’m not sure if it’s always been there, but on 5.1U2 it certainly is (which is our minimum level of ESXi in the area I work).

Using the following command:
nc -z -w5 hostname tcpport

will give a suitable replacement for “telnet” eg:

~ # nc -z -w5 esxi-server 5989
Connection to esxi-server 5989 port [tcp/wbem-https] succeeded!

“ping” can also sometimes be used to help, although often the necessary ICMP messages are filtered by firewalls.