Posted to users@cloudstack.apache.org by Matthew Midgett <cl...@trick-solutions.com.INVALID> on 2015/01/07 21:13:06 UTC

RE: Vlan issue with ACS 4.4 and XenServer 6.2

Does anyone else have an idea?



On Jan 6, 2015, at 10:12 PM, Matthew Midgett <cl...@trick-solutions.com.INVALID> wrote:
>It is there because I can disable the zone, delete the VM and network.
>Use XenCenter to add a vlan of 501. Manually install 2 VM's on
>different hypervisors and ping both VM and the GW that's on the router.
>This config tells me that 501 is configured correctly. The switch ports
>for the vlan 501 network are trunked. When ACS creates the vlan 501
>from the network config it doesn’t work correctly. When the VM and VR
>are on the same host it works just fine. When they're not, the Vlan isn't
>working. It's strange. I can ping the GW from both VM's but can't ping
>the VM on the other hypervisor or the VR. If I migrate all the VM's and
>VR to the same hypervisor it works as expected.
>
>The vlan 501 on the router holds the GW address so if it wasn't there I
>wouldn't be able to ping it.
>
>I have tried everything from new networking services to vlan's trunking
>and not trunking and just switchport with vlan. It doesn't want to work.
>
>The vlan500 however is the console router and SSVM. I think that it
>works as expected but I haven't ssh into them to try. They are doing
>their job and I can have a public ip console and ssvm is downloading
>templates and moving VM templates from Sec storage to primary.
>
>Any more ideas?
>
>-----Original Message-----
>From: Ahmad Emneina [mailto:aemneina@gmail.com] 
>Sent: Tuesday, January 06, 2015 9:11 PM
>To: dev@cloudstack.apache.org
>Subject: Re: Vlan issue with ACS 4.4 and XenServer 6.2
>
>Hey Matt, it sounds like you have a vlan trunking issue. Check the
>switch port configuration for the port(s) your hypervisors are
>connected to, ensure that vlan is present.
>
>On Tue, Jan 6, 2015 at 5:43 PM, Matthew Midgett <cloudstck@trick-solutions.com.invalid> wrote:
>
>> In my test deployment I have 2 hypervisors with XenServer 6.2
>> installed. I am creating a private network with public IPs, so that
>> the VR is only used to hand out IPs and meta data. The vlan is 501,
>> and it has a range of 216.249.111.2-254. What happens is that when I
>> create new VM's and they spawn on the server with the VR cloud-init
>> works and it gets the password and the server is good. When it spawns
>> on the other hypervisor it can't connect to the VR and because of this
>> it doesn't get its meta data. What I do is quickly move the VR to the
>> other hypervisor, this allows it to get the meta data so I can login.
>> Once this is done I can login and ping the gateway for vlan 501 but
>> can't ping the other VM or the VR if it's not on the same hypervisor.
>> I know my trunks and vlans are correct and the interfaces that are being
>> assigned. To test this I shutdown the zone and deleted the network.
>> Then I removed Vlan501 from the XenServer's and created it manually on
>> the exact same nic as it was before. Then I added an ISO repo and
>> manually installed 2 vms manually assigning the public ip's. It works
>> as expected, I can ping the gateway and the other VM on the other
>> hypervisor. This was to prove my vlan config.
>>
>> What do I do?

RE: Vlan issue with ACS 4.4 and XenServer 6.2

Posted by Matthew Midgett <cl...@trick-solutions.com.INVALID>.
My setup is as follows

2 x HP DL360 G7 with 4 port 1G nic's

Port 0 to cloud-management
Port 1 to cloud-storage - Disabled
Port 2 to cloud-guest
Port 3 to cloud-public

Catalyst 6509 switch

Port 0 to Slot 5 Gi0 and 1
Port 1 to Slot 6 Gi0 and 1 Disabled
Port 2 to Slot 8 Gi0 and 1
Port 3 to Slot 9 Gi0 and 1

Slot 5 Gi0 and 1 are switch ports with Vlan 190
Slot 6 switch ports with Vlan 183 - Disabled due to a bad switch card
Slot 8 Gi0 and 1 are trunk ports
Slot 9 Gi0 and 1 are trunk ports

Vlan 501 is a public /24 that we are directly assigning to the VM's and that’s why the public is on the first guest network that would be normally private with a VR and SN and DS nat.
Vlan 501 is configured on the switch with the 216.249.111.0/24 with .1 being on the switch. Packets leave the trunk tagged as 501 and are passed up to the vlan gw and out they go down the pipe, hopping all through the datacenter till they reach the head end and pick one of 4 providers to exit with.

It's a pretty standard setup and I know everyone points back to a vlan problem, but I may have not explained it well. If I disable the zone and delete the VM so I can delete the 501 network in CS, there is no vlan 501 on the XenCenter interface. If I manually create the vlan 501 and put it on the exact same nic that ACS is using I can create new VM's from scratch and ping the GW and the other VM on the other hypervisor. If the Vlan wasn't configured correctly then this test would have failed. But since it works as expected I need to know why, when ACS creates the Vlan 501 network using all the same information, I have the problem that the VM's can't ping from one hypervisor to the other.

I have also tried with OVS and Bridge and neither made a difference. 

Something that I just thought of that I didn't think of before: I will rebuild the setup by default tonight and install a CentOS VM from scratch, not one from my template, and see if that makes a difference and whether I have just been chasing a problem with a template and didn't know about it.

I thank all for their time that has been taken reading and helping me out.

Matthew Midgett
#3 Minion





-----Original Message-----
From: Somesh Naidu [mailto:Somesh.Naidu@citrix.com] 
Sent: Wednesday, January 07, 2015 3:26 PM
To: users@cloudstack.apache.org
Subject: RE: Vlan issue with ACS 4.4 and XenServer 6.2

As Ahmad pointed out, it does look to be an issue with VLAN trunking.

How are the XS connected to each other and what is the VLAN assigned to the particular guest network (I am assuming you are using Advanced Zone with VLAN Isolation)?


RE: Vlan issue with ACS 4.4 and XenServer 6.2

Posted by Somesh Naidu <So...@citrix.com>.
As Ahmad pointed out, it does look to be an issue with VLAN trunking.

How are the XS connected to each other and what is the VLAN assigned to the particular guest network (I am assuming you are using Advanced Zone with VLAN Isolation)?
