F5 LB - Guest VLAN Advanced Zone

[Anoop Mohan <An...@microland.com>]

Hi Team,

 

 

If I want to use external load balancer  F5 , is it mandate to use an
external firewall rather than using VR as Firewall service?

 

Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. 
Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon,this information by persons or entities other than the intended recipient is prohibited. 
If you received this in error, please contact the sender and delete the material from your computer. 
Microland takes all reasonable steps to ensure that its electronic communications are free from viruses. 
However, given Internet accessibility, the Company cannot accept liability for any virus introduced by this e-mail or any attachment and you are advised to use up-to-date virus checking software.

Re: F5 LB - Guest VLAN Advanced Zone

[murali reddy <mu...@gmail.com>]

On Fri, Apr 19, 2013 at 9:51 AM, Anoop Mohan <An...@microland.com> wrote:

> Hi Team,
>
>
>
>
>
> If I want to use external load balancer  F5 , is it mandate to use an
> external firewall rather than using VR as Firewall service?
>
>
>
So there are two deployment models. 'inline' and 'side-by-side'. In inline
case your LB service provider like F5 is configured to be behind firewall.
Where as in 'side-by-side' mode, load balancer device will receive inbound
public traffic directly with out going though the firewall. You can have
a 'side-by-side' combination of VR providing firewall service and F5
providing the load balancing service.


>
> Regards,
>
> Anoop Mohan
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material.
> Any review, re-transmission, dissemination or other use of or taking of
> any action in reliance upon,this information by persons or entities other
> than the intended recipient is prohibited.
> If you received this in error, please contact the sender and delete the
> material from your computer.
> Microland takes all reasonable steps to ensure that its electronic
> communications are free from viruses.
> However, given Internet accessibility, the Company cannot accept liability
> for any virus introduced by this e-mail or any attachment and you are
> advised to use up-to-date virus checking software.
>

RE: F5 LB - Guest VLAN Advanced Zone

[Anoop Mohan <An...@microland.com>]

Hi venkat,

This is 3.0.6. I have started a new thread in  Citrix forum regarding
the same

Thanks for your help

-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com] 
Sent: Wednesday, April 24, 2013 10:45 AM
To: Anoop Mohan; users@cloudstack.apache.org;
cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Can you paste the API that was fired from logs? You will see this kind
of error only when CIDR specified. 

Which version of cloudstack you are using? 

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com] 
Sent: Wednesday, 24 April 2013 10:43 AM
To: Venkata SwamyBabu Budumuru; users@cloudstack.apache.org;
cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sorry for my typo error

Pasting below


If I didn't specify CIDR, Below   UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan
-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com]
Sent: Wednesday, April 24, 2013 10:32 AM
To: Anoop Mohan; users@cloudstack.apache.org;
cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop,

createNetwork automatically generates a random unique CIDR in case if
there are external devices used for some of the service. Please try
creating guest n/w without CIDR and it should solve the issue.

Thanks,
SWAMY

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Wednesday, 24 April 2013 10:14 AM
To: users@cloudstack.apache.org; Venkata SwamyBabu Budumuru;
cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Venkat,

I tried as you stated below. But still not able to create guest network.

Setup Details.

1. Created  New NW Offerings with  services Capabilities as Dhcp:
VirtualRouter, Lb: F5BigIp, Dns: VirtualRouter, Vpn: VirtualRouter,
Firewall: VirtualRouter, StaticNat: VirtualRouter, UserData:
VirtualRouter, PortForwarding: VirtualRouter, SourceNat: VirtualRouter

2. Login with Admin user of newly created domain and try creating guest
network using new NW offerings. Even I tried with users under ROOT
domain as well

If I specify CIDR for guest , then it throws below error

2013-04-24 10:07:17,252 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-1:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network
Ntwk[-1|Guest|18]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1

If I specify CIDR, Below   UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan

-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com]
Sent: Saturday, April 20, 2013 3:25 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

About the error you mentioned here is due to the fact that in the
NetworkOffering you selected "source nat type" as 'per zone'. In case of
VR providing SNAT service, we only support 'PER account'.




Sent from Samsung tablet

Anoop Mohan <An...@microland.com> wrote:
Hi Sanjeev,


 >>>>> Please make sure that no guest VLANs were configured on F5 before
adding to cloud stack. Also check the reachability to F5 from management
server.


The guest VLANs which need to Integrate to CloudStack  doesn't exist in
F5. I'm using BIG-IP 9.4.7.

I'm following below wiki

http://wiki.cloudstack.org/pages/viewpage.action?pageId=11830811


>>>>> Related to second issue (access to guest vm from outside)
:PF/Static NAT services should present in the guest network. But I don't
see those services in the network you have mentioned.

Yes I created a Network offerings with Static NAT works. Every Time I
have to acquire new Public  IP address  and assign to VM's  created
under isolated Tenant.

Now Facing below issue.

Add F5 device and enabled.

When I use combination of VR Services and F5 LB Service  as new Network
offerings, and try spawning VM's using the same getting below error


2013-04-19 16:43:31,788 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-15:null) Exception while executing
CreateNetworkOfferingCmd:
com.cloud.exception.UnsupportedServiceException: Service SourceNat
doesn't support value "perzone" for capability SupportedSourceNatTypes
on VirtualRouter

2013-04-19 16:46:05,088 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-20:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network
Ntwk[-1|Guest|17]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1


Is there any doc available or could you recommend  in which I can create
Network offerings for Isolated Guest Network using VLAN with external
Network devices and VR services


Anoop Mohan


-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 3:06 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi,

Please make sure that no guest VLANs were configured on F5 before adding
to cloud stack. Also check the reachability to F5 from management
server.
Related to second issue (access to guest vm from outside) :PF/Static NAT
services should present in the guest network. But I don't see those
services in the network you have mentioned.

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 11:48 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sanjeev,

I tried creating VM using Guest VLAN  Network

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB
the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214]
is unreachable: External load balancer was unable to implement the guest
network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest
VLAN network VMs  from other Networks like Man NW or outside. Adding to
this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall .

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,





If I want to use external load balancer  F5 , is it mandate to use an
external firewall rather than using VR as Firewall service?



Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Any review, re-transmission, dissemination or other use of or taking of
any action in reliance upon,this information by persons or entities
other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the
material from your computer.
Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses.
However, given Internet accessibility, the Company cannot accept
liability for any virus introduced by this e-mail or any attachment and
you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Venkata SwamyBabu Budumuru <ve...@citrix.com>]

Can you paste the API that was fired from logs? You will see this kind of error only when CIDR specified. 

Which version of cloudstack you are using? 

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com] 
Sent: Wednesday, 24 April 2013 10:43 AM
To: Venkata SwamyBabu Budumuru; users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sorry for my typo error

Pasting below


If I didn't specify CIDR, Below   UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan
-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com]
Sent: Wednesday, April 24, 2013 10:32 AM
To: Anoop Mohan; users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop,

createNetwork automatically generates a random unique CIDR in case if there are external devices used for some of the service. Please try creating guest n/w without CIDR and it should solve the issue.

Thanks,
SWAMY

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Wednesday, 24 April 2013 10:14 AM
To: users@cloudstack.apache.org; Venkata SwamyBabu Budumuru; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Venkat,

I tried as you stated below. But still not able to create guest network.

Setup Details.

1. Created  New NW Offerings with  services Capabilities as Dhcp:
VirtualRouter, Lb: F5BigIp, Dns: VirtualRouter, Vpn: VirtualRouter,
Firewall: VirtualRouter, StaticNat: VirtualRouter, UserData:
VirtualRouter, PortForwarding: VirtualRouter, SourceNat: VirtualRouter

2. Login with Admin user of newly created domain and try creating guest network using new NW offerings. Even I tried with users under ROOT domain as well

If I specify CIDR for guest , then it throws below error

2013-04-24 10:07:17,252 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-1:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network Ntwk[-1|Guest|18]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1

If I specify CIDR, Below   UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan

-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com]
Sent: Saturday, April 20, 2013 3:25 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

About the error you mentioned here is due to the fact that in the NetworkOffering you selected "source nat type" as 'per zone'. In case of VR providing SNAT service, we only support 'PER account'.




Sent from Samsung tablet

Anoop Mohan <An...@microland.com> wrote:
Hi Sanjeev,


 >>>>> Please make sure that no guest VLANs were configured on F5 before adding to cloud stack. Also check the reachability to F5 from management server.


The guest VLANs which need to Integrate to CloudStack  doesn't exist in F5. I'm using BIG-IP 9.4.7.

I'm following below wiki

http://wiki.cloudstack.org/pages/viewpage.action?pageId=11830811


>>>>> Related to second issue (access to guest vm from outside)
:PF/Static NAT services should present in the guest network. But I don't see those services in the network you have mentioned.

Yes I created a Network offerings with Static NAT works. Every Time I have to acquire new Public  IP address  and assign to VM's  created under isolated Tenant.

Now Facing below issue.

Add F5 device and enabled.

When I use combination of VR Services and F5 LB Service  as new Network offerings, and try spawning VM's using the same getting below error


2013-04-19 16:43:31,788 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-15:null) Exception while executing
CreateNetworkOfferingCmd:
com.cloud.exception.UnsupportedServiceException: Service SourceNat doesn't support value "perzone" for capability SupportedSourceNatTypes on VirtualRouter

2013-04-19 16:46:05,088 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-20:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network Ntwk[-1|Guest|17]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1


Is there any doc available or could you recommend  in which I can create Network offerings for Isolated Guest Network using VLAN with external Network devices and VR services


Anoop Mohan


-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 3:06 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi,

Please make sure that no guest VLANs were configured on F5 before adding to cloud stack. Also check the reachability to F5 from management server.
Related to second issue (access to guest vm from outside) :PF/Static NAT services should present in the guest network. But I don't see those services in the network you have mentioned.

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 11:48 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sanjeev,

I tried creating VM using Guest VLAN  Network

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214] is unreachable: External load balancer was unable to implement the guest network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest VLAN network VMs  from other Networks like Man NW or outside. Adding to this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall .

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,





If I want to use external load balancer  F5 , is it mandate to use an external firewall rather than using VR as Firewall service?



Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.
Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon,this information by persons or entities other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the material from your computer.
Microland takes all reasonable steps to ensure that its electronic communications are free from viruses.
However, given Internet accessibility, the Company cannot accept liability for any virus introduced by this e-mail or any attachment and you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Anoop Mohan <An...@microland.com>]

Sorry for my typo error

Pasting below


If I didn't specify CIDR, Below   UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan
-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com] 
Sent: Wednesday, April 24, 2013 10:32 AM
To: Anoop Mohan; users@cloudstack.apache.org;
cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop,

createNetwork automatically generates a random unique CIDR in case if
there are external devices used for some of the service. Please try
creating guest n/w without CIDR and it should solve the issue.

Thanks,
SWAMY

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com] 
Sent: Wednesday, 24 April 2013 10:14 AM
To: users@cloudstack.apache.org; Venkata SwamyBabu Budumuru;
cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Venkat,

I tried as you stated below. But still not able to create guest network.

Setup Details.

1. Created  New NW Offerings with  services Capabilities as Dhcp:
VirtualRouter, Lb: F5BigIp, Dns: VirtualRouter, Vpn: VirtualRouter,
Firewall: VirtualRouter, StaticNat: VirtualRouter, UserData:
VirtualRouter, PortForwarding: VirtualRouter, SourceNat: VirtualRouter

2. Login with Admin user of newly created domain and try creating guest
network using new NW offerings. Even I tried with users under ROOT
domain as well

If I specify CIDR for guest , then it throws below error

2013-04-24 10:07:17,252 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-1:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network
Ntwk[-1|Guest|18]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1

If I specify CIDR, Below   UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan

-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com]
Sent: Saturday, April 20, 2013 3:25 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

About the error you mentioned here is due to the fact that in the
NetworkOffering you selected "source nat type" as 'per zone'. In case of
VR providing SNAT service, we only support 'PER account'.




Sent from Samsung tablet

Anoop Mohan <An...@microland.com> wrote:
Hi Sanjeev,


 >>>>> Please make sure that no guest VLANs were configured on F5 before
adding to cloud stack. Also check the reachability to F5 from management
server.


The guest VLANs which need to Integrate to CloudStack  doesn't exist in
F5. I'm using BIG-IP 9.4.7.

I'm following below wiki

http://wiki.cloudstack.org/pages/viewpage.action?pageId=11830811


>>>>> Related to second issue (access to guest vm from outside)
:PF/Static NAT services should present in the guest network. But I don't
see those services in the network you have mentioned.

Yes I created a Network offerings with Static NAT works. Every Time I
have to acquire new Public  IP address  and assign to VM's  created
under isolated Tenant.

Now Facing below issue.

Add F5 device and enabled.

When I use combination of VR Services and F5 LB Service  as new Network
offerings, and try spawning VM's using the same getting below error


2013-04-19 16:43:31,788 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-15:null) Exception while executing
CreateNetworkOfferingCmd:
com.cloud.exception.UnsupportedServiceException: Service SourceNat
doesn't support value "perzone" for capability SupportedSourceNatTypes
on VirtualRouter

2013-04-19 16:46:05,088 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-20:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network
Ntwk[-1|Guest|17]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1


Is there any doc available or could you recommend  in which I can create
Network offerings for Isolated Guest Network using VLAN with external
Network devices and VR services


Anoop Mohan


-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 3:06 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi,

Please make sure that no guest VLANs were configured on F5 before adding
to cloud stack. Also check the reachability to F5 from management
server.
Related to second issue (access to guest vm from outside) :PF/Static NAT
services should present in the guest network. But I don't see those
services in the network you have mentioned.

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 11:48 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sanjeev,

I tried creating VM using Guest VLAN  Network

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB
the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214]
is unreachable: External load balancer was unable to implement the guest
network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest
VLAN network VMs  from other Networks like Man NW or outside. Adding to
this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall .

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,





If I want to use external load balancer  F5 , is it mandate to use an
external firewall rather than using VR as Firewall service?



Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Any review, re-transmission, dissemination or other use of or taking of
any action in reliance upon,this information by persons or entities
other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the
material from your computer.
Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses.
However, given Internet accessibility, the Company cannot accept
liability for any virus introduced by this e-mail or any attachment and
you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Venkata SwamyBabu Budumuru <ve...@citrix.com>]

Hi Anoop,

createNetwork automatically generates a random unique CIDR in case if there are external devices used for some of the service. Please try creating guest n/w without CIDR and it should solve the issue.

Thanks,
SWAMY

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com] 
Sent: Wednesday, 24 April 2013 10:14 AM
To: users@cloudstack.apache.org; Venkata SwamyBabu Budumuru; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Venkat,

I tried as you stated below. But still not able to create guest network.

Setup Details.

1. Created  New NW Offerings with  services Capabilities as Dhcp:
VirtualRouter, Lb: F5BigIp, Dns: VirtualRouter, Vpn: VirtualRouter,
Firewall: VirtualRouter, StaticNat: VirtualRouter, UserData:
VirtualRouter, PortForwarding: VirtualRouter, SourceNat: VirtualRouter

2. Login with Admin user of newly created domain and try creating guest network using new NW offerings. Even I tried with users under ROOT domain as well

If I specify CIDR for guest , then it throws below error

2013-04-24 10:07:17,252 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-1:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network Ntwk[-1|Guest|18]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1

If I specify CIDR, Below   UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan

-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com]
Sent: Saturday, April 20, 2013 3:25 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

About the error you mentioned here is due to the fact that in the NetworkOffering you selected "source nat type" as 'per zone'. In case of VR providing SNAT service, we only support 'PER account'.




Sent from Samsung tablet

Anoop Mohan <An...@microland.com> wrote:
Hi Sanjeev,


 >>>>> Please make sure that no guest VLANs were configured on F5 before adding to cloud stack. Also check the reachability to F5 from management server.


The guest VLANs which need to Integrate to CloudStack  doesn't exist in F5. I'm using BIG-IP 9.4.7.

I'm following below wiki

http://wiki.cloudstack.org/pages/viewpage.action?pageId=11830811


>>>>> Related to second issue (access to guest vm from outside)
:PF/Static NAT services should present in the guest network. But I don't see those services in the network you have mentioned.

Yes I created a Network offerings with Static NAT works. Every Time I have to acquire new Public  IP address  and assign to VM's  created under isolated Tenant.

Now Facing below issue.

Add F5 device and enabled.

When I use combination of VR Services and F5 LB Service  as new Network offerings, and try spawning VM's using the same getting below error


2013-04-19 16:43:31,788 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-15:null) Exception while executing
CreateNetworkOfferingCmd:
com.cloud.exception.UnsupportedServiceException: Service SourceNat doesn't support value "perzone" for capability SupportedSourceNatTypes on VirtualRouter

2013-04-19 16:46:05,088 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-20:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network Ntwk[-1|Guest|17]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1


Is there any doc available or could you recommend  in which I can create Network offerings for Isolated Guest Network using VLAN with external Network devices and VR services


Anoop Mohan


-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 3:06 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi,

Please make sure that no guest VLANs were configured on F5 before adding to cloud stack. Also check the reachability to F5 from management server.
Related to second issue (access to guest vm from outside) :PF/Static NAT services should present in the guest network. But I don't see those services in the network you have mentioned.

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 11:48 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sanjeev,

I tried creating VM using Guest VLAN  Network

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214] is unreachable: External load balancer was unable to implement the guest network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest VLAN network VMs  from other Networks like Man NW or outside. Adding to this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall .

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,





If I want to use external load balancer  F5 , is it mandate to use an external firewall rather than using VR as Firewall service?



Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.
Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon,this information by persons or entities other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the material from your computer.
Microland takes all reasonable steps to ensure that its electronic communications are free from viruses.
However, given Internet accessibility, the Company cannot accept liability for any virus introduced by this e-mail or any attachment and you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Anoop Mohan <An...@microland.com>]

Hi Venkat,

I tried as you stated below. But still not able to create guest network.

Setup Details.

1. Created  New NW Offerings with  services Capabilities as Dhcp:
VirtualRouter, Lb: F5BigIp, Dns: VirtualRouter, Vpn: VirtualRouter,
Firewall: VirtualRouter, StaticNat: VirtualRouter, UserData:
VirtualRouter, PortForwarding: VirtualRouter, SourceNat: VirtualRouter

2. Login with Admin user of newly created domain and try creating guest
network using new NW offerings. Even I tried with users under ROOT
domain as well

If I specify CIDR for guest , then it throws below error

2013-04-24 10:07:17,252 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-1:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network
Ntwk[-1|Guest|18]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1

If I specify CIDR, Below   UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan

-----Original Message-----
From: Venkata SwamyBabu Budumuru
[mailto:venkataswamybabu.budumuru@citrix.com] 
Sent: Saturday, April 20, 2013 3:25 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

About the error you mentioned here is due to the fact that in the
NetworkOffering you selected "source nat type" as 'per zone'. In case of
VR providing SNAT service, we only support 'PER account'.




Sent from Samsung tablet

Anoop Mohan <An...@microland.com> wrote:
Hi Sanjeev,


 >>>>> Please make sure that no guest VLANs were configured on F5 before
adding to cloud stack. Also check the reachability to F5 from management
server.


The guest VLANs which need to Integrate to CloudStack  doesn't exist in
F5. I'm using BIG-IP 9.4.7.

I'm following below wiki

http://wiki.cloudstack.org/pages/viewpage.action?pageId=11830811


>>>>> Related to second issue (access to guest vm from outside)
:PF/Static NAT services should present in the guest network. But I don't
see those services in the network you have mentioned.

Yes I created a Network offerings with Static NAT works. Every Time I
have to acquire new Public  IP address  and assign to VM's  created
under isolated Tenant.

Now Facing below issue.

Add F5 device and enabled.

When I use combination of VR Services and F5 LB Service  as new Network
offerings, and try spawning VM's using the same getting below error


2013-04-19 16:43:31,788 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-15:null) Exception while executing
CreateNetworkOfferingCmd:
com.cloud.exception.UnsupportedServiceException: Service SourceNat
doesn't support value "perzone" for capability SupportedSourceNatTypes
on VirtualRouter

2013-04-19 16:46:05,088 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-20:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network
Ntwk[-1|Guest|17]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1


Is there any doc available or could you recommend  in which I can create
Network offerings for Isolated Guest Network using VLAN with external
Network devices and VR services


Anoop Mohan


-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 3:06 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi,

Please make sure that no guest VLANs were configured on F5 before adding
to cloud stack. Also check the reachability to F5 from management
server.
Related to second issue (access to guest vm from outside) :PF/Static NAT
services should present in the guest network. But I don't see those
services in the network you have mentioned.

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 11:48 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sanjeev,

I tried creating VM using Guest VLAN  Network

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB
the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214]
is unreachable: External load balancer was unable to implement the guest
network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest
VLAN network VMs  from other Networks like Man NW or outside. Adding to
this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall .

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,





If I want to use external load balancer  F5 , is it mandate to use an
external firewall rather than using VR as Firewall service?



Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Any review, re-transmission, dissemination or other use of or taking of
any action in reliance upon,this information by persons or entities
other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the
material from your computer.
Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses.
However, given Internet accessibility, the Company cannot accept
liability for any virus introduced by this e-mail or any attachment and
you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Venkata SwamyBabu Budumuru <ve...@citrix.com>]

About the error you mentioned here is due to the fact that in the NetworkOffering you selected "source nat type" as 'per zone'. In case of VR providing SNAT service, we only support 'PER account'.




Sent from Samsung tablet

Anoop Mohan <An...@microland.com> wrote:
Hi Sanjeev,


 >>>>> Please make sure that no guest VLANs were configured on F5 before
adding to cloud stack. Also check the reachability to F5 from management
server.


The guest VLANs which need to Integrate to CloudStack  doesn't exist in
F5. I'm using BIG-IP 9.4.7.

I'm following below wiki

http://wiki.cloudstack.org/pages/viewpage.action?pageId=11830811


>>>>> Related to second issue (access to guest vm from outside)
:PF/Static NAT services should present in the guest network. But I don't
see those services in the network you have mentioned.

Yes I created a Network offerings with Static NAT works. Every Time I
have to acquire new Public  IP address  and assign to VM's  created
under isolated Tenant.

Now Facing below issue.

Add F5 device and enabled.

When I use combination of VR Services and F5 LB Service  as new Network
offerings, and try spawning VM's using the same getting below error


2013-04-19 16:43:31,788 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-15:null) Exception while executing
CreateNetworkOfferingCmd:
com.cloud.exception.UnsupportedServiceException: Service SourceNat
doesn't support value "perzone" for capability SupportedSourceNatTypes
on VirtualRouter

2013-04-19 16:46:05,088 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-20:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network
Ntwk[-1|Guest|17]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1


Is there any doc available or could you recommend  in which I can create
Network offerings for Isolated Guest Network using VLAN with external
Network devices and VR services


Anoop Mohan


-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 3:06 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi,

Please make sure that no guest VLANs were configured on F5 before adding
to cloud stack. Also check the reachability to F5 from management
server.
Related to second issue (access to guest vm from outside) :PF/Static NAT
services should present in the guest network. But I don't see those
services in the network you have mentioned.

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 11:48 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sanjeev,

I tried creating VM using Guest VLAN  Network

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB
the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214]
is unreachable: External load balancer was unable to implement the guest
network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest
VLAN network VMs  from other Networks like Man NW or outside. Adding to
this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall .

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,





If I want to use external load balancer  F5 , is it mandate to use an
external firewall rather than using VR as Firewall service?



Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Any review, re-transmission, dissemination or other use of or taking of
any action in reliance upon,this information by persons or entities
other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the
material from your computer.
Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses.
However, given Internet accessibility, the Company cannot accept
liability for any virus introduced by this e-mail or any attachment and
you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Anoop Mohan <An...@microland.com>]

Hi Sanjeev,


 >>>>> Please make sure that no guest VLANs were configured on F5 before
adding to cloud stack. Also check the reachability to F5 from management
server.


The guest VLANs which need to Integrate to CloudStack  doesn't exist in
F5. I'm using BIG-IP 9.4.7. 

I'm following below wiki

http://wiki.cloudstack.org/pages/viewpage.action?pageId=11830811


>>>>> Related to second issue (access to guest vm from outside)
:PF/Static NAT services should present in the guest network. But I don't
see those services in the network you have mentioned.

Yes I created a Network offerings with Static NAT works. Every Time I
have to acquire new Public  IP address  and assign to VM's  created
under isolated Tenant.

Now Facing below issue.

Add F5 device and enabled. 

When I use combination of VR Services and F5 LB Service  as new Network
offerings, and try spawning VM's using the same getting below error


2013-04-19 16:43:31,788 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-15:null) Exception while executing
CreateNetworkOfferingCmd:
com.cloud.exception.UnsupportedServiceException: Service SourceNat
doesn't support value "perzone" for capability SupportedSourceNatTypes
on VirtualRouter

2013-04-19 16:46:05,088 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-20:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network
Ntwk[-1|Guest|17]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1


Is there any doc available or could you recommend  in which I can create
Network offerings for Isolated Guest Network using VLAN with external
Network devices and VR services


Anoop Mohan


-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com] 
Sent: Friday, April 19, 2013 3:06 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi,

Please make sure that no guest VLANs were configured on F5 before adding
to cloud stack. Also check the reachability to F5 from management
server.
Related to second issue (access to guest vm from outside) :PF/Static NAT
services should present in the guest network. But I don't see those
services in the network you have mentioned.

Thanks,
Sanjeev 

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com] 
Sent: Friday, April 19, 2013 11:48 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sanjeev,

I tried creating VM using Guest VLAN  Network 

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB
the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214]
is unreachable: External load balancer was unable to implement the guest
network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest
VLAN network VMs  from other Networks like Man NW or outside. Adding to
this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall . 

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,

 

 

If I want to use external load balancer  F5 , is it mandate to use an
external firewall rather than using VR as Firewall service?

 

Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. 
Any review, re-transmission, dissemination or other use of or taking of
any action in reliance upon,this information by persons or entities
other than the intended recipient is prohibited. 
If you received this in error, please contact the sender and delete the
material from your computer. 
Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses. 
However, given Internet accessibility, the Company cannot accept
liability for any virus introduced by this e-mail or any attachment and
you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Sanjeev Neelarapu <sa...@citrix.com>]

Hi,

Please make sure that no guest VLANs were configured on F5 before adding to cloud stack. Also check the reachability to F5 from management server.
Related to second issue (access to guest vm from outside) :PF/Static NAT services should present in the guest network. But I don't see those services in the network you have mentioned.

Thanks,
Sanjeev 

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com] 
Sent: Friday, April 19, 2013 11:48 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sanjeev,

I tried creating VM using Guest VLAN  Network 

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214] is unreachable: External load balancer was unable to implement the guest network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest VLAN network VMs  from other Networks like Man NW or outside. Adding to this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com]
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall . 

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com]
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,

 

 

If I want to use external load balancer  F5 , is it mandate to use an external firewall rather than using VR as Firewall service?

 

Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. 
Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon,this information by persons or entities other than the intended recipient is prohibited. 
If you received this in error, please contact the sender and delete the material from your computer. 
Microland takes all reasonable steps to ensure that its electronic communications are free from viruses. 
However, given Internet accessibility, the Company cannot accept liability for any virus introduced by this e-mail or any attachment and you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Anoop Mohan <An...@microland.com>]

Sanjeev,

I tried creating VM using Guest VLAN  Network 

Created Guest Network with Source NAT, Firewall, LB, DNS ,DHCP expect LB
the other services are served by VR

I got the below error in logs


2013-04-18 17:15:24,620 WARN  [cloud.vm.VirtualMachineManagerImpl]
(Job-Executor-106:job-78) unexpected ResourceUnavailableException :
com.cloud.network.Network
com.cloud.exception.ResourceUnavailableException: Resource [Network:214]
is unreachable: External load balancer was unable to implement the guest
network on the external load balancer in zone microzone
        at
com.cloud.network.ExternalLoadBalancerDeviceManagerImpl.manageGuestNetwo
rkWithExternalLoadBalancer(ExternalLoadBalancerDeviceManagerImpl.java:10
19)


Also I have another issue, I'm not able to access ( ping or ssh ) Guest
VLAN network VMs  from other Networks like Man NW or outside. Adding to
this I'm not able to ping Public IP address if VR  from outside.

Is that something related to Source NAT
?

Regards,
Anoop Mohan



-----Original Message-----
From: Sanjeev Neelarapu [mailto:sanjeev.neelarapu@citrix.com] 
Sent: Friday, April 19, 2013 11:17 AM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall . 

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com] 
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,

 

 

If I want to use external load balancer  F5 , is it mandate to use an
external firewall rather than using VR as Firewall service?

 

Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. 
Any review, re-transmission, dissemination or other use of or taking of
any action in reliance upon,this information by persons or entities
other than the intended recipient is prohibited. 
If you received this in error, please contact the sender and delete the
material from your computer. 
Microland takes all reasonable steps to ensure that its electronic
communications are free from viruses. 
However, given Internet accessibility, the Company cannot accept
liability for any virus introduced by this e-mail or any attachment and
you are advised to use up-to-date virus checking software.

RE: F5 LB - Guest VLAN Advanced Zone

[Sanjeev Neelarapu <sa...@citrix.com>]

Hi Anoop Mohan,

You can use F5 as external load balancer without external firewall . 

Thanks,
Sanjeev

-----Original Message-----
From: Anoop Mohan [mailto:AnoopMo@microland.com] 
Sent: Friday, April 19, 2013 9:51 AM
To: cloudstack-users@incubator.apache.org
Subject: F5 LB - Guest VLAN Advanced Zone

Hi Team,

 

 

If I want to use external load balancer  F5 , is it mandate to use an external firewall rather than using VR as Firewall service?

 

Regards,

Anoop Mohan

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. 
Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon,this information by persons or entities other than the intended recipient is prohibited. 
If you received this in error, please contact the sender and delete the material from your computer. 
Microland takes all reasonable steps to ensure that its electronic communications are free from viruses. 
However, given Internet accessibility, the Company cannot accept liability for any virus introduced by this e-mail or any attachment and you are advised to use up-to-date virus checking software.