Posted to users@cloudstack.apache.org by Andrija Panic <an...@gmail.com> on 2017/05/03 20:46:41 UTC

help/advice needed: Private gateway vs. new physical network issue

Hi all,

I'm trying to test Private Gateway on our production (actually on DEV
first :) ) setup, of ACS 4.5,
but I'm hitting some strange issues during actual creation of PV GTW.

My setup is the following:

ACS 4.5, advanced zone KVM (ubuntu 14)
mgmt network: KVM label/name: cloudbr0
sec. stor.network KVM label/name: cloudbr2
guest network KVM label/name: bond0.950 (we use vxlans, so this is
appropriate...)
public network KVM label/name: cloudbr3

This above is all fine, but when adding PRIV.GTW, ACS tries to provision
new vlan interface (later with bridge...) on top of selected physical
interface (from the list above) - which in my case is impossible, as it
seems.

So I decided to add additional Physical Network (name: bond0), so I expect
ACS will provision i.e. bond0.999 vlan interface for one PRIV.GTW for
testing purposes (vlan 999)

PROBLEM:
- in running zone, I need to disable it, then I use CloudMonkey to add zone:
* create physicalnetwork name=bond0 broadcastdomainrange=zone
zoneid=d27f6354-a715-40c7-8322-a31091f97699 isolationmethod=vlan
Afterwards I do enable the zone: update physicalnetwork state=Enabled
id=3424e392-e0a1-4c21-81d9-db69acbe6c8e

First command above, does NOT update DB table
cloud.physical_network_isolation_methods
with new record, so when you list network it doesn't mention isolation_method.
OK, I edit DB directly, and create new row referencing new network by ID,
and vlan set as isolation method.

BTW, table cloud.physical_network_traffic_types is not populated, which I
assume is OK/good since I don't want any normal traffic
(mgmt/guest.public/storage) to go over this physical net - but again this
might be the root of problems ? Since the only guest network is on PIF
bond0.950

When I try to create PRIV.GTW, ACS does some magic, and again tries to
provision vlan 999 interface (example vlan from above) on bond0.950 (guest
network) (bond0.950.999)

I checked the logs (attached below) and it does try to provision GTW on
new physical network really.

I'm assuming, that maybe since no values for new bond0 network inside table
cloud.physical_network_traffic_types is populated, that then ACS falls back
to only available guest network, and that is bond0.950 - also I recall we
need to define KVM label so the ACS will actually know on which interface
to use... (which is missing from DB for new bond0 network, as explained...)

I checked the logs, and didn't see any interesting stuff really (perhaps I'm
missing something...)
https://pastebin.com/MZXrK31M

I would really appreciate any help, since I don't know which direction to go
now...





-- 

Andrija Panić

Re: help/advice needed: Private gateway vs. new physical network issue

Posted by Andrija Panic <an...@gmail.com>.
I managed to solve it, thanks Simon:

Steps, give or take:
- add new physical network via CM
- enable new physical network via CM
- manually define VLAN as isolation method in DB (add new ROW
in physical_network_isolation_methods table)
- duplicate existing Guest network row from table
physical_network_traffic_types (new uuid, and other changes as needed, to
reflect new KVM label "bond0") - so this network becomes another Guest
network...
- Edit tags on both guest physical networks (via GUI)
- Updated tags all Network Offerings inside DB (to match bond0.950 as main
vxlan guest carrier network) - maybe not needed, maybe yes...
- found "hidden" DB record in network_offering table called
"System-Private-Gateway-Network-Offering" and this is where I needed to set
tag to match the tag on second Guest network (bond0)


after this all works as expected

Very poorly documented (but I'm assuming much easier when you create 2
Guest networks during adding Zone in beginning)

I will see to update docs, once I'm clear on this procedure in more
details...

Thanks a lot Simon !

On 3 May 2017 at 23:34, Andrija Panic <an...@gmail.com> wrote:

> Ok, thanks, I need to read a bit on tagging networks, first time I
> encounter this.
>
> agent.properties only has 1 guest interface definition (
> guest.network.device=bond0.950), so I will see how this behaves...
>
> Thanks for input Simon



-- 

Andrija Panić
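
Added example (not part of the thread and not CloudStack code): a read-only audit over a constructed, simplified copy of the tables named in the steps above. It shows why the gateway first resolved to bond0.950, why two untagged Guest networks are ambiguous, and what the tagged end state looks like. Column names, the physical_network table, the tag values, "existing-net" and the guest offering name are assumptions, and the selection rule is a simplified model.

```python
import sqlite3

# Constructed, simplified stand-in for the tables named in the thread.
# Column names, the physical_network table and all tag values are assumptions.
SCHEMA = """
CREATE TABLE physical_network (id INTEGER PRIMARY KEY, name TEXT, tag TEXT);
CREATE TABLE physical_network_isolation_methods
    (physical_network_id INTEGER, isolation_method TEXT);
CREATE TABLE physical_network_traffic_types
    (physical_network_id INTEGER, traffic_type TEXT, kvm_network_label TEXT);
CREATE TABLE network_offerings (name TEXT, tag TEXT);
"""

PRIV_GW = "System-Private-Gateway-Network-Offering"
GUEST_OFFERING = "constructed-guest-offering"  # hypothetical name
# Interface each offering is supposed to land on in this setup.
EXPECTED = {PRIV_GW: "bond0", GUEST_OFFERING: "bond0.950"}


def make_db(stage):
    """Constructed state: 0 = new network just added, 1 = isolation method
    and Guest traffic row added for it, 2 = tags set on networks and offerings."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    tagged = stage >= 2
    db.executemany("INSERT INTO physical_network VALUES (?,?,?)", [
        (1, "existing-net", "vxlan-guest" if tagged else None),
        (2, "bond0", "privgw" if tagged else None),
    ])
    db.execute("INSERT INTO physical_network_isolation_methods VALUES (1,'VXLAN')")
    db.execute("INSERT INTO physical_network_traffic_types "
               "VALUES (1,'Guest','bond0.950')")
    if stage >= 1:
        db.execute("INSERT INTO physical_network_isolation_methods VALUES (2,'VLAN')")
        db.execute("INSERT INTO physical_network_traffic_types "
                   "VALUES (2,'Guest','bond0')")
    db.executemany("INSERT INTO network_offerings VALUES (?,?)", [
        (GUEST_OFFERING, "vxlan-guest" if tagged else None),
        (PRIV_GW, "privgw" if tagged else None),
    ])
    return db


def candidate_labels(db, offering):
    """KVM labels an offering can resolve to in this model: every physical
    network with a labelled Guest traffic row, narrowed to networks whose
    tag equals the offering's tag when the offering has one."""
    rows = db.execute("""
        SELECT t.kvm_network_label
        FROM network_offerings o
        JOIN physical_network p ON o.tag IS NULL OR o.tag = p.tag
        JOIN physical_network_traffic_types t
          ON t.physical_network_id = p.id
         AND t.traffic_type = 'Guest'
         AND COALESCE(t.kvm_network_label, '') <> ''
        WHERE o.name = ?
        ORDER BY t.kvm_network_label""", (offering,)).fetchall()
    return [r[0] for r in rows]


def audit(db, expected):
    """Return findings; an empty list means every offering resolves to
    exactly one interface and it is the expected one."""
    findings = []
    missing = db.execute("""
        SELECT p.name FROM physical_network p
        WHERE NOT EXISTS (SELECT 1 FROM physical_network_isolation_methods m
                          WHERE m.physical_network_id = p.id)
        ORDER BY p.name""").fetchall()
    findings += [("no_isolation_method", name) for (name,) in missing]
    offerings = db.execute(
        "SELECT name FROM network_offerings ORDER BY name").fetchall()
    for (name,) in offerings:
        labels = candidate_labels(db, name)
        if len(labels) > 1:
            findings.append(("ambiguous", name, labels))
        elif labels != [expected[name]]:
            findings.append(("wrong_interface", name, labels))
    return findings


if __name__ == "__main__":
    for stage in (0, 1, 2):
        print(stage, audit(make_db(stage), EXPECTED))
```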

Re: help/advice needed: Private gateway vs. new physical network issue

Posted by Andrija Panic <an...@gmail.com>.
Ok, thanks, I need to read a bit on tagging networks, first time I
encounter this.

agent.properties only has 1 guest interface definition (
guest.network.device=bond0.950), so I will see how this behaves...

Thanks for input Simon

On 3 May 2017 at 23:19, Simon Weller <sw...@ena.com> wrote:

> We deploy with 2 physical interfaces. 1 is for vxlan guest networks and
> the other is a trunk interface for public, mgmt and private gateways. We
> found that tagging was necessary, or the incorrect interface can be
> selected because both have guest networks.



-- 

Andrija Panić

Re: help/advice needed: Private gateway vs. new physical network issue

Posted by Simon Weller <sw...@ena.com>.
We deploy with 2 physical interfaces. 1 is for vxlan guest networks and the other is a trunk interface for public, mgmt and private gateways. We found that tagging was necessary, or the incorrect interface can be selected because both have guest networks.


________________________________
From: Andrija Panic <an...@gmail.com>
Sent: Wednesday, May 3, 2017 4:09 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: Re: help/advice needed: Private gateway vs. new physical network issue

Hi Simon,

not at all. We use tags only for storage and compute(service)/disk
offerings...

But,

I just found out, even when I change record in DB record, change KVM label
from bond0.950 to bond0, then disable/enable zone, and even restart mgmt
servers, still ACS provisions vlan 999 on top of bond0.950 although I
selected bond0.


Here is funny thing: when I changed agent.properties
file guest.network.device=bond0.950 to bond0, then it worked (at least
proper PIF selected)...but again this can't be done on production in my case

It would be interesting to know (Cloudops and others) if you guys use same
physical network to carry guest private networks (vlans or vxlans?) AND
these new vlans for PRIV.GTW. We use vxlans for guest traffic...


Thanks Simon,

Andrija

On 3 May 2017 at 23:01, Simon Weller <sw...@ena.com> wrote:

> Andrija,
>
>
> Do you have any network tagging setup for your vpc network offerings that
> correspond to your zone network tags?
>
> ________________________________
> From: Andrija Panic <an...@gmail.com>
> Sent: Wednesday, May 3, 2017 3:46 PM
> To: users@cloudstack.apache.org; dev@cloudstack.apache.org
> Subject: help/advise needed: Private gateway vs. new physcial network issue
>
> Hi all,
>
> I'm trying to to test Private Gateway on our production (actually on DEV
> first :) ) setup, of ACS 4.5,
> but I'm hitting some strange issues during actual creation of PV GTW.
>
> My setup is the following:
>
> ACS 4.5, advanced zone KVM (ubuntu 14)
> mgmt network: KVM label/name: cloudbr0
> sec. stor.network KMV label/name: cloudbr2
> guest network KVM label/name: bond0.950 (we use vxlans, so this is
> apropriate...)
> public network KVM label/name: cloudbr3
>
> This above is all fine, but when adding PRIV.GTW, ACS tries to provision
> new vlan interface (later with bridge...) on top of selected physical
> interface (from the list above) - which in my case is impossible, as it
> seems.
>
> So I decided to add addional Physical Network (name: bond0), so I expect
> ACS will provision i.e. bond0.999 vlan interface for one PRIV.GTW for
> testing purposes (vlan 999)
>
> PROBLEM:
> - in running zone, I need to disable it, then I use CloudMonkey to add
> zone:
> * create physicalnetwork name=bond0 broadcastdomainrange=zone
> zoneid=d27f6354-a715-40c7-8322-a31091f97699 isolationmethod=vlan
> Afterwards I do enable the zone: update physicalnetwork state=Enabled
> id=3424e392-e0a1-4c21-81d9-db69acbe6c8e
>
> First command above, does NOT update DB table
> cloud.physical_network_isolation_methods
> with new record, so when you list network it dont mentions
> isolation_method.
> OK, I edit DB directly, and create new row referencing new network by ID,
> and vlan set as isolation method.
>
> BTW, table cloud.physical_network_traffic_types is not populated, which I
> assume is OK/good since I don't want any normal traffci
> (mgmt/guest.public/storage) to go over this physical net - but again this
> might be the root of problems ? Since the only guest network is on PIF
> bond0.950
>
> When I try to create PRIV.GTW, ACS does some magic, and again tries to
> provision vlan 999 interface (example vlan from above) on bond0.950 (guest
> network) (bond0.950.999)
>
> I checked the logs (attached below) and it does try to provision GTW on
> new physical network really.
>
> I'm assuming, that maybe since no values for new bond0 network inside table
> cloud.physical_network_traffic_types is populated, that then ACS falls back
> to only available guest network, and that is bond0.950 - also I recall we
> need to define KVM label so the ACS will actually know on which interface
> to use... (which is missing from DB for new bond0 network, as explained...)
>
> I checked the logs, and didn't see any interesting stuff really (perhaps I'm
> missing something...)
> https://pastebin.com/MZXrK31M
>
> I would really appreciate any help, since I don't know which direction to go
> now...
>
>
>
>
>
> --
>
> Andrija Panić
>



--

Andrija Panić

Re: help/advise needed: Private gateway vs. new physcial network issue

Posted by Simon Weller <sw...@ena.com>.
We deploy with 2 physical interfaces. 1 is for vxlan guest networks and the other is a trunk interface for public, mgmt and private gateways. We found that tagging was necessary, or the incorrect interface can be selected because both have guest networks.


________________________________
From: Andrija Panic <an...@gmail.com>
Sent: Wednesday, May 3, 2017 4:09 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: Re: help/advise needed: Private gateway vs. new physcial network issue

Hi Simon,

not at all. We use tags only for storage and compute(service)/disk
offerings...

But,

I just found out, even when I change the record in DB, change KVM label
from bond0.950 to bond0, then disable/enable zone, and even restart mgmt
servers, still ACS provisions vlan 999 on top of bond0.950 although I
selected bond0.


Here is a funny thing: when I changed agent.properties
file guest.network.device=bond0.950 to bond0, then it worked (at least
proper PIF selected)...but again this can't be done on production in my case

It would be interesting to know (Cloudops and others) if you guys use same
physical network to carry guest private networks (vlans or vxlans?) AND
these new vlans for PRIV.GTW. We use vxlans for guest traffic...


Thanks Simon,

Andrija

On 3 May 2017 at 23:01, Simon Weller <sw...@ena.com> wrote:

> Andrija,
>
>
> Do you have any network tagging setup for your vpc network offerings that
> correspond to your zone network tags?
>
> ________________________________
> From: Andrija Panic <an...@gmail.com>
> Sent: Wednesday, May 3, 2017 3:46 PM
> To: users@cloudstack.apache.org; dev@cloudstack.apache.org
> Subject: help/advise needed: Private gateway vs. new physcial network issue
>
> Hi all,
>
> I'm trying to test Private Gateway on our production (actually on DEV
> first :) ) setup, of ACS 4.5,
> but I'm hitting some strange issues during actual creation of PV GTW.
>
> My setup is the following:
>
> ACS 4.5, advanced zone KVM (ubuntu 14)
> mgmt network: KVM label/name: cloudbr0
> sec. stor.network KVM label/name: cloudbr2
> guest network KVM label/name: bond0.950 (we use vxlans, so this is
> appropriate...)
> public network KVM label/name: cloudbr3
>
> This above is all fine, but when adding PRIV.GTW, ACS tries to provision
> new vlan interface (later with bridge...) on top of selected physical
> interface (from the list above) - which in my case is impossible, as it
> seems.
>
> So I decided to add additional Physical Network (name: bond0), so I expect
> ACS will provision i.e. bond0.999 vlan interface for one PRIV.GTW for
> testing purposes (vlan 999)
>
> PROBLEM:
> - in running zone, I need to disable it, then I use CloudMonkey to add
> zone:
> * create physicalnetwork name=bond0 broadcastdomainrange=zone
> zoneid=d27f6354-a715-40c7-8322-a31091f97699 isolationmethod=vlan
> Afterwards I do enable the zone: update physicalnetwork state=Enabled
> id=3424e392-e0a1-4c21-81d9-db69acbe6c8e
>
> First command above, does NOT update DB table
> cloud.physical_network_isolation_methods
> with new record, so when you list network it doesn't mention
> isolation_method.
> OK, I edit DB directly, and create new row referencing new network by ID,
> and vlan set as isolation method.
>
> BTW, table cloud.physical_network_traffic_types is not populated, which I
> assume is OK/good since I don't want any normal traffic
> (mgmt/guest.public/storage) to go over this physical net - but again this
> might be the root of problems ? Since the only guest network is on PIF
> bond0.950
>
> When I try to create PRIV.GTW, ACS does some magic, and again tries to
> provision vlan 999 interface (example vlan from above) on bond0.950 (guest
> network) (bond0.950.999)
>
> I checked the logs (attached below) and it does try to provision GTW on
> new physical network really.
>
> I'm assuming, that maybe since no values for new bond0 network inside table
> cloud.physical_network_traffic_types is populated, that then ACS falls back
> to only available guest network, and that is bond0.950 - also I recall we
> need to define KVM label so the ACS will actually know on which interface
> to use... (which is missing from DB for new bond0 network, as explained...)
>
> I checked the logs, and didn't see any interesting stuff really (perhaps I'm
> missing something...)
> https://pastebin.com/MZXrK31M
>
> I would really appreciate any help, since I don't know which direction to go
> now...
>
>
>
>
>
> --
>
> Andrija Panić
>



--

Andrija Panić

Re: help/advise needed: Private gateway vs. new physcial network issue

Posted by Andrija Panic <an...@gmail.com>.
Hi Simon,

not at all. We use tags only for storage and compute(service)/disk
offerings...

But,

I just found out, even when I change the record in DB, change KVM label
from bond0.950 to bond0, then disable/enable zone, and even restart mgmt
servers, still ACS provisions vlan 999 on top of bond0.950 although I
selected bond0.


Here is a funny thing: when I changed agent.properties
file guest.network.device=bond0.950 to bond0, then it worked (at least
proper PIF selected)...but again this can't be done on production in my case

It would be interesting to know (Cloudops and others) if you guys use same
physical network to carry guest private networks (vlans or vxlans?) AND
these new vlans for PRIV.GTW. We use vxlans for guest traffic...


Thanks Simon,

Andrija

On 3 May 2017 at 23:01, Simon Weller <sw...@ena.com> wrote:

> Andrija,
>
>
> Do you have any network tagging setup for your vpc network offerings that
> correspond to your zone network tags?
>
> ________________________________
> From: Andrija Panic <an...@gmail.com>
> Sent: Wednesday, May 3, 2017 3:46 PM
> To: users@cloudstack.apache.org; dev@cloudstack.apache.org
> Subject: help/advise needed: Private gateway vs. new physcial network issue
>
> Hi all,
>
> I'm trying to test Private Gateway on our production (actually on DEV
> first :) ) setup, of ACS 4.5,
> but I'm hitting some strange issues during actual creation of PV GTW.
>
> My setup is the following:
>
> ACS 4.5, advanced zone KVM (ubuntu 14)
> mgmt network: KVM label/name: cloudbr0
> sec. stor.network KVM label/name: cloudbr2
> guest network KVM label/name: bond0.950 (we use vxlans, so this is
> appropriate...)
> public network KVM label/name: cloudbr3
>
> This above is all fine, but when adding PRIV.GTW, ACS tries to provision
> new vlan interface (later with bridge...) on top of selected physical
> interface (from the list above) - which in my case is impossible, as it
> seems.
>
> So I decided to add additional Physical Network (name: bond0), so I expect
> ACS will provision i.e. bond0.999 vlan interface for one PRIV.GTW for
> testing purposes (vlan 999)
>
> PROBLEM:
> - in running zone, I need to disable it, then I use CloudMonkey to add
> zone:
> * create physicalnetwork name=bond0 broadcastdomainrange=zone
> zoneid=d27f6354-a715-40c7-8322-a31091f97699 isolationmethod=vlan
> Afterwards I do enable the zone: update physicalnetwork state=Enabled
> id=3424e392-e0a1-4c21-81d9-db69acbe6c8e
>
> First command above, does NOT update DB table
> cloud.physical_network_isolation_methods
> with new record, so when you list network it doesn't mention
> isolation_method.
> OK, I edit DB directly, and create new row referencing new network by ID,
> and vlan set as isolation method.
>
> BTW, table cloud.physical_network_traffic_types is not populated, which I
> assume is OK/good since I don't want any normal traffic
> (mgmt/guest.public/storage) to go over this physical net - but again this
> might be the root of problems ? Since the only guest network is on PIF
> bond0.950
>
> When I try to create PRIV.GTW, ACS does some magic, and again tries to
> provision vlan 999 interface (example vlan from above) on bond0.950 (guest
> network) (bond0.950.999)
>
> I checked the logs (attached below) and it does try to provision GTW on
> new physical network really.
>
> I'm assuming, that maybe since no values for new bond0 network inside table
> cloud.physical_network_traffic_types is populated, that then ACS falls back
> to only available guest network, and that is bond0.950 - also I recall we
> need to define KVM label so the ACS will actually know on which interface
> to use... (which is missing from DB for new bond0 network, as explained...)
>
> I checked the logs, and didn't see any interesting stuff really (perhaps I'm
> missing something...)
> https://pastebin.com/MZXrK31M
>
> I would really appreciate any help, since I don't know which direction to go
> now...
>
>
>
>
>
> --
>
> Andrija Panić
>



-- 

Andrija Panić
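
A host-side check for the symptom described in the message above (VLAN 999 created as bond0.950.999 instead of bond0.999), as an added example that is not part of the original post or of CloudStack. It parses `ip -o link show` output and agent.properties text; the sample inputs are constructed and the function names are hypothetical.

```python
import re

# Constructed `ip -o link show` output reproducing the reported symptom
# (not taken from the thread's pastebin log).
SAMPLE_IP_LINK = r"""
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether 52:54:00:00:00:01 brd ff:ff:ff:ff:ff:ff
7: bond0.950@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether 52:54:00:00:00:01 brd ff:ff:ff:ff:ff:ff
12: bond0.950.999@bond0.950: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether 52:54:00:00:00:01 brd ff:ff:ff:ff:ff:ff
"""

# Constructed agent.properties fragment using the labels from the thread.
SAMPLE_AGENT_PROPS = """\
# constructed sample
private.network.device=cloudbr0
public.network.device=cloudbr3
guest.network.device=bond0.950
"""

# "<index>: <name>[@<parent>]: <flags> ..."
LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:@\s]+)(?:@(?P<parent>[^:\s]+))?:")


def parse_links(ip_link_text):
    """Map interface name -> parent device (None when it has no parent)."""
    links = {}
    for line in ip_link_text.splitlines():
        m = LINK_RE.match(line)
        if m:
            links[m.group("name")] = m.group("parent")
    return links


def guest_device(agent_props_text):
    """Return the guest.network.device value, or None if it is not set."""
    for line in agent_props_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "guest.network.device":
            return value.strip()
    return None


def check_gateway_vlan(ip_link_text, agent_props_text, vlan_id, expected_pif):
    """Report which parent device the VLAN sub-interface was created on."""
    links = parse_links(ip_link_text)
    guest = guest_device(agent_props_text)
    suffix = "." + str(vlan_id)
    # Sub-interfaces named <parent>.<vlan_id> for the VLAN under test.
    found = {n: p for n, p in links.items() if p and n == p + suffix}
    return {
        "expected": expected_pif + suffix,
        "present": (expected_pif + suffix) in found,
        "wrong_parent": sorted(n for n, p in found.items() if p != expected_pif),
        # The parent has a parent of its own: VLAN stacked on a VLAN device.
        "stacked_on_vlan": sorted(n for n, p in found.items() if links.get(p)),
        "on_guest_device": sorted(n for n, p in found.items() if p == guest),
    }


if __name__ == "__main__":
    print(check_gateway_vlan(SAMPLE_IP_LINK, SAMPLE_AGENT_PROPS, 999, "bond0"))
```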

Re: help/advise needed: Private gateway vs. new physcial network issue

Posted by Simon Weller <sw...@ena.com>.
Andrija,


Do you have any network tagging setup for your vpc network offerings that correspond to your zone network tags?

________________________________
From: Andrija Panic <an...@gmail.com>
Sent: Wednesday, May 3, 2017 3:46 PM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: help/advise needed: Private gateway vs. new physcial network issue

Hi all,

I'm trying to test Private Gateway on our production (actually on DEV
first :) ) setup, of ACS 4.5,
but I'm hitting some strange issues during actual creation of PV GTW.

My setup is the following:

ACS 4.5, advanced zone KVM (ubuntu 14)
mgmt network: KVM label/name: cloudbr0
sec. stor.network KVM label/name: cloudbr2
guest network KVM label/name: bond0.950 (we use vxlans, so this is
appropriate...)
public network KVM label/name: cloudbr3

This above is all fine, but when adding PRIV.GTW, ACS tries to provision
new vlan interface (later with bridge...) on top of selected physical
interface (from the list above) - which in my case is impossible, as it
seems.

So I decided to add additional Physical Network (name: bond0), so I expect
ACS will provision i.e. bond0.999 vlan interface for one PRIV.GTW for
testing purposes (vlan 999)

PROBLEM:
- in running zone, I need to disable it, then I use CloudMonkey to add zone:
* create physicalnetwork name=bond0 broadcastdomainrange=zone
zoneid=d27f6354-a715-40c7-8322-a31091f97699 isolationmethod=vlan
Afterwards I do enable the zone: update physicalnetwork state=Enabled
id=3424e392-e0a1-4c21-81d9-db69acbe6c8e

First command above, does NOT update DB table
cloud.physical_network_isolation_methods
with new record, so when you list network it doesn't mention isolation_method.
OK, I edit DB directly, and create new row referencing new network by ID,
and vlan set as isolation method.

BTW, table cloud.physical_network_traffic_types is not populated, which I
assume is OK/good since I don't want any normal traffic
(mgmt/guest.public/storage) to go over this physical net - but again this
might be the root of problems ? Since the only guest network is on PIF
bond0.950

When I try to create PRIV.GTW, ACS does some magic, and again tries to
provision vlan 999 interface (example vlan from above) on bond0.950 (guest
network) (bond0.950.999)

I checked the logs (attached below) and it does try to provision GTW on
new physical network really.

I'm assuming, that maybe since no values for new bond0 network inside table
cloud.physical_network_traffic_types is populated, that then ACS falls back
to only available guest network, and that is bond0.950 - also I recall we
need to define KVM label so the ACS will actually know on which interface
to use... (which is missing from DB for new bond0 network, as explained...)

I checked the logs, and didn't see any interesting stuff really (perhaps I'm
missing something...)
https://pastebin.com/MZXrK31M

I would really appreciate any help, since I don't know which direction to go
now...





--

Andrija Panić
