cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Murali Reddy <Murali.Re...@citrix.com>
Subject Re: CloudStack and F5 loadbalancer
Date Tue, 29 May 2012 19:04:05 GMT
On 28/05/12 8:49 PM, "dan@soleks.com" <dan@soleks.com> wrote:

>
>  Thanks for reply. I have F5 appliance which is absolutely empty, there
>are only one account, two interfaces 1.1 and 1.2, no vlans. CS can login
>to it successfully using admin credentials.
>  After that i created network offering with shared LB, created users
>network using that offering (for some reason i can't specify CIDR for
>external LB, and CS cut default /20 network for it, that is not clear -
>why i can't control CIDR, at this point there is no differences -
>software 
>router or standalone LB).

When CloudStack uses virtual router to provider network services like LB,
firewall that virtual router is dedicated to tenants guest network. There
is no multi-tenant issues here so you can choose the CIDR you want. But
when a single device like F5 is acting as load balancing service provider
for multiple tenants then it can result IP address conflicts if same CIDR
is used by two guest networks. Though F5 is multi-tenant aware and
supports notion of routing domain CloudStack is not integrated with it
yet. So when external devices provide network services CloudStack enforce
that each guest network gets a unique CIDR if it needs to use service from
external networking devices.

>When i started to create VM vlan was assigned to
>my network, and F5 was provisioned with that clan (i can see it in F5 ui
>and ifconfig shows it as well), but from my understanding CS is trying to
>create vlan second time (the log says about it explicitly):
>  
>   
>    2012-05-28 07:23:17,503 DEBUG [network.resource.F5BigIpResource]
>(DirectAgent-66:null) Creating a guest VLAN with tag 801
>    2012-05-28 07:23:17,556 ERROR [network.resource.F5BigIpResource]
>(DirectAgent-66:null) Exception caught in
>Networking::urn:iControl:Networking/VLAN::create()
>    Exception: Common::OperationFailed
>     primary_error_code   : 16908390 (0x01020066)
>     secondary_error_code : 0
>     error_string         : 01020066:3: The requested VLAN
>(/Common/vlan-801) already exists in partition Common.
>    2012-05-28 07:23:17,556 ERROR [network.resource.F5BigIpResource]
>(DirectAgent-66:null) Failed to execute IPAssocCommand due to
>com.cloud.utils.exception.ExecutionException: Exception caught in
>Networking::urn:iControl:Networking/VLAN::create()
>    Exception: Common::OperationFailed
>     primary_error_code   : 16908390 (0x01020066)
>     secondary_error_code : 0
>     error_string         : 01020066:3: The requested VLAN
>(/Common/vlan-801) already exists in partition Common.
>    2012-05-28 07:23:17,638 ERROR [network.resource.F5BigIpResource]
>(DirectAgent-66:null) Retrying IpAssocCommand. Number of retries
>remaining: 0
>    2012-05-28 07:23:17,779 DEBUG [agent.manager.DirectAgentAttache]
>(DirectAgent-80:null) Ping from 23
>    2012-05-28 07:23:17,848 DEBUG [network.resource.F5BigIpResource]
>(DirectAgent-66:null) Creating a guest VLAN with tag 801
>    2012-05-28 07:23:17,866 ERROR [network.resource.F5BigIpResource]
>(DirectAgent-66:null) Exception caught in
>Networking::urn:iControl:Networking/VLAN::create()
>    Exception: Common::OperationFailed
>     primary_error_code   : 16908390 (0x01020066)
>     secondary_error_code : 0
>     error_string         : 01020066:3: The requested VLAN
>(/Common/vlan-801) already exists in partition Common.
>    2012-05-28 07:23:17,867 ERROR [network.resource.F5BigIpResource]
>(DirectAgent-66:null) Failed to execute IPAssocCommand due to
>com.cloud.utils.exception.ExecutionException: Exception caught in
>Networking::urn:iControl:Networking/VLAN::create()
>    
>    and F5 doesn't like it causing full rollback. Process didn't get that
>spot when IP will be assigned.
>  

This could be a bug, please log this as defect.


Mime
View raw message