This issue might occur if one of the conditions exists:
An internal firewall is configured for the VM.
The security group configured on the vnet interface of the VM blocks packets.
IP binding and MAC binding are configured for the NIC of the VM, but the bound MAC address is different from the MAC address of the NIC.
This section uses VM 1 to ping VM 2 as an example.
To resolve the issue:
Ping VM 2 from VM 1 and use the # tcpdump –lni <vnet_name> -Q in command on the vnet interface of VM 1 that connects VM 1 to OVS to capture ARP packets sent from VM 1.
If ARP packets cannot be captured, packets fail to enter the OVS. Examine if firewall or other settings configured on VM 1 prevent packets from being forwarded.
If ARP packets can be captured, proceed to the next step.
Use the # tcpdump –lni <vnet_name> -Q out command on the vnet interface of VM 2 that connects VM 2 to the OVS to capture ARP packets from VM 1.
If ARP packets from VM 1 cannot be captured, examine security group, IP binding, and MAC binding settings on the vnet interfaces that connect the VMs to the OVS. Identify configurations that cause packet drop.
If ARP packets can be captured, proceed to the next step.
Use commands or wireshark (Windows VM) on VM 2 to capture ARP packets from VM 1.
If ARP packets from VM 1 cannot be captured, examine if firewall or other security software configured on the VM blocks packets.
If ARP packets can be captured, use the methods described in the previous steps to identify the reason why ARP responses from VM 2 are discarded.