Community
 
Other links
 
  1. Persistent Support
  2. Communauté
  3. CloudPlatform 3.x
 

CloudPlatform 3.x

Nouvelle publication    New comment
343 abonnés
 
Avatar
Pankaj Paliwal

F5 LB - Guest VLAN Advanced Zone

Avatar

F5 LB - Guest VLAN Advanced Zone

Hi Team,

I'm facing some issues while creating Guest Network . Below is the response which I got from CloudStack Community . I could have asked in this forum hence started a new thread here

My comments on Venkata's reply below

Can you paste the API that was fired from logs? You will see this kind of error only when CIDR specified.

Attched the MAN log for reference

Which version of cloudstack you are using?

CloudPlatform 3.0.6

-----Original Message-----
From: Anoop Mohan AnoopMo@.com
Sent: Wednesday, 24 April 2013 10:43 AM
To: Venkata SwamyBabu Budumuru; users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Sorry typo error

Pasting below

If I didn't specify CIDR, Below UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan
-----Original Message-----
From: Venkata SwamyBabu Budumuru
venkataswamybabu.budumuru@.com
Sent: Wednesday, April 24, 2013 10:32 AM
To: Anoop Mohan; users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Anoop,

createNetwork automatically generates a random unique CIDR in case if there are external devices used for some of the service. Please try creating guest n/w without CIDR and it should solve the issue.

Thanks,
SWAMY

-----Original Message-----
From: Anoop Mohan AnoopMo@.com
Sent: Wednesday, 24 April 2013 10:14 AM
To: users@cloudstack.apache.org; Venkata SwamyBabu Budumuru; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

Hi Venkat,

I tried as you stated below. But still not able to create guest network.

Setup Details.

1. Created New NW Offerings with services Capabilities as Dhcp:
VirtualRouter, Lb: F5BigIp, Dns: VirtualRouter, Vpn: VirtualRouter,
Firewall: VirtualRouter, StaticNat: VirtualRouter, UserData:
VirtualRouter, PortForwarding: VirtualRouter, SourceNat: VirtualRouter

2. Login with Admin user of newly created domain and try creating guest network using new NW offerings. Even I tried with users under ROOT domain as well

If I specify CIDR for guest , then it throws below error

2013-04-24 10:07:17,252 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-1:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network Ntwk[-1|Guest|18]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1

If I specify CIDR, Below UI status message appears

Cannot specify CIDR when using network offering with external devices!

Regards,
Anoop Mohan

-----Original Message-----
From: Venkata SwamyBabu Budumuru
venkataswamybabu.budumuru@.com
Sent: Saturday, April 20, 2013 3:25 PM
To: users@cloudstack.apache.org; cloudstack-users@incubator.apache.org
Subject: RE: F5 LB - Guest VLAN Advanced Zone

About the error you mentioned here is due to the fact that in the NetworkOffering you selected "source nat type" as 'per zone'. In case of VR providing SNAT service, we only support 'PER account'.

Sent from Samsung tablet

Anoop Mohan <AnoopMo@microland.com> wrote:
Hi Sanjeev,

>>>>> Please make sure that no guest VLANs were configured on F5 before adding to cloud stack. Also check the reachability to F5 from management server.

The guest VLANs which need to Integrate to CloudStack doesn't exist in F5. I'm using BIG-IP 9.4.7.

I'm following below wiki

http://wiki.cloudstack.org/pages/viewpage.action?pageId=11830811

>>>>> Related to second issue (access to guest vm from outside)
:PF/Static NAT services should present in the guest network. But I don't see those services in the network you have mentioned.

Yes I created a Network offerings with Static NAT works. Every Time I have to acquire new Public IP address and assign to VM's created under isolated Tenant.

Now Facing below issue.

Add F5 device and enabled.

When I use combination of VR Services and F5 LB Service as new Network offerings, and try spawning VM's using the same getting below error

2013-04-19 16:43:31,788 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-15:null) Exception while executing
CreateNetworkOfferingCmd:
com.cloud.exception.UnsupportedServiceException: Service SourceNat doesn't support value "perzone" for capability SupportedSourceNatTypes on VirtualRouter

2013-04-19 16:46:05,088 ERROR [cloud.api.ApiDispatcher]
(catalina-exec-20:null) Exception while executing CreateNetworkCmd:
com.cloud.utils.exception.CloudRuntimeException: Can't design network Ntwk[-1|Guest|17]; guest CIDR is not configured per zone
com.cloud.dc.DataCenterVO$$EnhancerByCGLIB$$f8cfc3d7@1

Is there any doc available or could you recommend in which I can create Network offerings for Isolated Guest Network using VLAN with external Network devices and VR services

Attached Files

  • Attached File  man.zip   182.32K   1 downloads

Anoop Mohan MEMBERS
10 commentaires
0
 
 

Commentaire officiel

Avatar
Pankaj Paliwal
Avatar

Not sure about the error, but from what you are saying about the F5 seems to indicate that it's setup, at least partially.

Can you telnet to the Public IP from the outside?
If yes, and based on the state of the F5, as described, it is likely that either the service isn't running on your guest instances or a local firewall (iptables) is blocking the connections.

When you telnet to the Public IP, you are talking to the F5. When you make an HTTP request, the F5 proxies those requests to the guest instances.

--Mike


Mike Little MEMBERS
Actions pour les commentaires Permalien

Vous devez vous connecter pour laisser un commentaire.

 
 

Previous 10 commentaires

Date Votes
Avatar
Pankaj Paliwal
Avatar

F5 LB - Guest VLAN Advanced Zone

Anoop,

Looks like the Zone-Guest_CIDR is not specified.

You can confirm this by running the following SQL query:
select guest_network_cidr from data_center where id=<zone_id>;

-somesh


Somesh Naidu CITRIX EMPLOYEES
0
Actions pour les commentaires Permalien
Avatar
Pankaj Paliwal
Avatar

yes i didn't enter CIDR while create advanced zone, since I have VLAN range mentioned in the guest traffic while i create zone.More over i don't want 10. * CIDR for my guest VMs

mysql> select guest_network_cidr from data_center;
--------------------
| guest_network_cidr |
--------------------
| NULL |
--------------------
1 row in set (0.00 sec)

Do i need to insert guest VLAN CIDR now?

Regards,
Anoop Mohan


Anoop Mohan MEMBERS
0
Actions pour les commentaires Permalien
Avatar
Pankaj Paliwal
Avatar

Hi Somesh,

I added CIDR in the zone. Now I'm abale to create VM's but the IPs are strange which is under CIDR 172.0.0.0/20, 172.0.48.0/20 where the guest isolated network i created.

If not wrong , I would be able to get guest VLAN's which I defined in guest traffic.At the same time I noted that when I create isolated guest network, the CIDR is assigned from my VLAN guest pool, but when i create VM's it changes to 172.0.0.0/20,172.0.48.0/20 for respective guest NWs etc

Anything wrong here?

I'm attaching man logs for your reference

Attached Files


Anoop Mohan MEMBERS
0
Actions pour les commentaires Permalien
Avatar
Pankaj Paliwal
Avatar

The change of the CIDR is actually expected behavior, when using external service providers in your network offering. As you've seen, when the first instance is created, a semi-random unique CIDR is defined, to ensure that no two guest networks are using the same CIDR.

Duplicate CIDRs could cause an issue on the external device, unless it supports routing domains (and that support is integrated with CCP).

--Mike


Mike Little MEMBERS
0
Actions pour les commentaires Permalien
Avatar
Pankaj Paliwal
Avatar

Hi Mike,

But my question here is why it is not picking from the Guest traffic VLAN range which I defined while created zone. My expectation was assigning VLAN from the pool and create multiple guest network and spawn instances within that VLAN ranges respectively .

I need to access VMs under these conditions , has to be accessed through static NAT and Load Balancing rule has to be in source NAT for the guest network. Is that right ?

Anoop


Anoop Mohan MEMBERS
0
Actions pour les commentaires Permalien
Avatar
Pankaj Paliwal
Avatar

I was replying about the seemingly random CIDR chosen during the launch of the initial instance in a new isolated network. This is expected.

If you defined a VLAN range, during zone creation, I would expect a VLAN to be chosen, again random and unique, from that range for the new isolated network. Each network will have a different VLAN and if you are using a network offering with external providers, a different CIDR. Is this not happening when the VirtualRouter, for the new network, is being launched?

To access the instance, from outside of CloudPlatform, you will either need to have a static NAT configured, using a "public" IP, or a port forwarding rule, again using a "public" IP. Another option would be a shared network, connected as a second nic on the instance.

Hope this helps.

--Mike


Mike Little MEMBERS
0
Actions pour les commentaires Permalien
Avatar
Pankaj Paliwal
Avatar

Hello Mike,

Thanks for your Information on this.

Now when I create LB rule for Source NAT IP, its throwing error.

2013-04-29 10:42:23,685 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-7:null) Ping from 3
2013-04-29 10:42:37,710 WARN [network.lb.LoadBalancingRulesManagerImpl] (catalina-exec-5:null) Failed to create load balancer due to
java.security.InvalidParameterException: There would be multiple providers for IP X.X.X.X!
2013-04-29 10:42:37,724 ERROR [cloud.api.ApiDispatcher] (catalina-exec-5:null) Exception while executing CreateLoadBalancerRuleCmd:
com.cloud.utils.exception.CloudRuntimeException: Failed to create load balancer rule: testrule

X.X.X.X is Source NAT IP for That network

Could you recommend the best NO for adding LB rules to isolated guest VMS

I follow below

Created NO with static NAT, Source NAT , DNS, DHCP, Firewall,PF - VR and LB - F5 external device

Source NAT IP for Adding LB rules and attach Guest VM's
Static NAT for accessing guest VM's from outside

Is that the right method?

Regards,
Anoop Mohan


Anoop Mohan MEMBERS
0
Actions pour les commentaires Permalien
Avatar
Pankaj Paliwal
Avatar

As the error states, you can't have two providers for a single IP. In this case, source NAT is being done by the VR and is using an IP. You can't do load balancing on this IP, with the F5. If you want to do load balancing, you will need to acquire another IP and use it for load balancing.

Hope this helps.

--Mike


Mike Little MEMBERS
0
Actions pour les commentaires Permalien
Avatar
Pankaj Paliwal
Avatar

Thanks Mike for the info

I acquire new IP address , add rules in it and added 2 guest vm under the rule.

Now I can't access the Public IP from outside.But when I tried to telnet public IP where LB rules is added, from the management network .I'm able to.

Log snippet

2013-05-02 09:48:22,718 WARN [cloud.network.ExternalDeviceUsageManagerImpl] (ExternalNetworkMonitor-1:null) Exception:
javax.persistence.EntityExistsException: Entity already exists:
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry '4-1-172.22.6.217-5-ExternalLoadBalancer' for key 'account_id'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
2013-05-02 09:48:22,730 DEBUG [storage.snapshot.SnapshotSchedulerImpl] (SnapshotPollTask:null) Snapshot scheduler.poll is being called at 2013-05-02 04:18:22 GMT

At the same time when I see pools of F% LB, I can see below

Service state : Unknown (Enabled) - The children pool member(s) either don't have service checking enabled, or service check results are not available yet

Please advice

Anoop


Anoop Mohan MEMBERS
0
Actions pour les commentaires Permalien

Participate

Ask, Discuss, Answer


Ask a Question
Getting Started
Discuss the Accelerite Support Portal

Top Contributors