cloudstack-users mailing list archives

From Simon Weller <>
Subject Re: help/advise needed: Private gateway vs. new physcial network issue
Date Wed, 03 May 2017 21:19:56 GMT
We deploy with 2 physical interfaces. 1 is for vxlan guest networks and the other is a trunk
interface for public, mgmt and private gateways. We found that tagging was necessary, or
the incorrect interface can be selected because both have guest networks.

From: Andrija Panic <>
Sent: Wednesday, May 3, 2017 4:09 PM
Subject: Re: help/advise needed: Private gateway vs. new physcial network issue

Hi Simon,

not at all. We use tags only for storage and compute(service)/disk


I just found out, even when I change the record in the DB, change KVM label
from bond0.950 to bond0, then disable/enable zone, and even restart mgmt
servers, ACS still provisions vlan 999 on top of bond0.950 although I
selected bond0.

Here is a funny thing: when I changed
file to bond0, then it worked (at least
proper PIF selected)...but again this can't be done on production in my case

It would be interesting to know (Cloudops and others) if you guys use the same
physical network to carry guest private networks (vlans or vxlans?) AND
these new vlans for PRIV.GTW. We use vxlans for guest traffic...

Thanks Simon,


On 3 May 2017 at 23:01, Simon Weller <> wrote:

> Andrija,
> Do you have any network tagging setup for your vpc network offerings that
> correspond to your zone network tags?
> ________________________________
> From: Andrija Panic <>
> Sent: Wednesday, May 3, 2017 3:46 PM
> To:;
> Subject: help/advise needed: Private gateway vs. new physcial network issue
> Hi all,
> I'm trying to test Private Gateway on our production (actually on DEV
> first :) ) setup, of ACS 4.5,
> but I'm hitting some strange issues during actual creation of PV GTW.
> My setup is the following:
> ACS 4.5, advanced zone KVM (ubuntu 14)
> mgmt network: KVM label/name: cloudbr0
> sec. KVM label/name: cloudbr2
> guest network KVM label/name: bond0.950 (we use vxlans, so this is
> appropriate...)
> public network KVM label/name: cloudbr3
> This above is all fine, but when adding PRIV.GTW, ACS tries to provision
> new vlan interface (later with bridge...) on top of selected physical
> interface (from the list above) - which in my case is impossible, as it
> seems.
> So I decided to add an additional Physical Network (name: bond0), so I expect
> ACS will provision i.e. bond0.999 vlan interface for one PRIV.GTW for
> testing purposes (vlan 999)
> - in running zone, I need to disable it, then I use CloudMonkey to add
> zone:
> * create physicalnetwork name=bond0 broadcastdomainrange=zone
> zoneid=d27f6354-a715-40c7-8322-a31091f97699 isolationmethod=vlan
> Afterwards I do enable the zone: update physicalnetwork state=Enabled
> id=3424e392-e0a1-4c21-81d9-db69acbe6c8e
> First command above, does NOT update DB table
> cloud.physical_network_isolation_methods
> with new record, so when you list the network it doesn't mention
> isolation_method.
> OK, I edit DB directly, and create new row referencing new network by ID,
> and vlan set as isolation method.
> BTW, table cloud.physical_network_traffic_types is not populated, which I
> assume is OK/good since I don't want any normal traffic
> (mgmt/guest.public/storage) to go over this physical net - but again this
> might be the root of problems ? Since the only guest network is on PIF
> bond0.950
> When I try to create PRIV.GTW, ACS does some magic, and again tries to
> provision vlan 999 interface (example vlan from above) on bond0.950 (guest
> network) (bond0.950.999)
> I checked the logs (attached below) and it does try to provision GTW on
> new physical network really.
> I'm assuming, that maybe since no values for new bond0 network inside table
> cloud.physical_network_traffic_types is populated, that then ACS falls
> back
> to only available guest network, and that is bond0.950 - also I recall we
> need to define KVM label so the ACS will actually know on which interface
> to use... (which is missing from DB for new bond0 network, as explained...)
> I checked the logs, and didn't see any interesting stuff really (perhaps I'm
> missing something...)

> PRIV.GTW created on wrong PIF
> I would really appreciate any help, since I don't know which direction to go
> now...
> --
> Andrija Panić


Andrija Panić
