I managed to solve it, thanks Simon. Steps, give or take:

- add new physical network via CM
- enable new physical network via CM
- manually define VLAN as isolation method in DB (add new row in physical_network_isolation_methods table)
- duplicate existing Guest network row from table physical_network_traffic_types (new uuid, and other changes as needed, to reflect new KVM label "bond0") - so this network becomes another Guest network...
- edit tags on both guest physical networks (via GUI)
- update tags on all Network Offerings inside DB (to match bond0.950 as main vxlan guest carrier network) - maybe not needed, maybe yes...
- found "hidden" DB record in network_offering table called "System-Private-Gateway-Network-Offering" and this is where I needed to set the tag to match the tag on the second Guest network (bond0)

After this all works as expected. Very poorly documented (but I'm assuming much easier when you create 2 Guest networks while adding the Zone in the beginning). I will see to update the docs, once I'm clear on this procedure in more detail...

Thanks a lot Simon!

On 3 May 2017 at 23:34, Andrija Panic <andrija.pa...@gmail.com> wrote:

> Ok, thanks, I need to read a bit on tagging networks, first time I encounter this.
>
> agent.properties only has 1 guest interface definition (guest.network.device=bond0.950), so I will see how this behaves...
>
> Thanks for the input Simon
>
> On 3 May 2017 at 23:19, Simon Weller <swel...@ena.com> wrote:
>
>> We deploy with 2 physical interfaces. 1 is for vxlan guest networks and the other is a trunk interface for public, mgmt and private gateways. We found that tagging was necessary, or the incorrect interface can be selected because both have guest networks.
>>
>> ________________________________
>> From: Andrija Panic <andrija.pa...@gmail.com>
>> Sent: Wednesday, May 3, 2017 4:09 PM
>> To: dev@cloudstack.apache.org
>> Cc: us...@cloudstack.apache.org
>> Subject: Re: help/advise needed: Private gateway vs. new physical network issue
>>
>> Hi Simon,
>>
>> not at all. We use tags only for storage and compute(service)/disk offerings...
>>
>> But,
>>
>> I just found out, even when I change the record in the DB, change the KVM label from bond0.950 to bond0, then disable/enable the zone, and even restart the mgmt servers, still ACS provisions vlan 999 on top of bond0.950 although I selected bond0.
>>
>> Here is the funny thing: when I changed the agent.properties file guest.network.device=bond0.950 to bond0, then it worked (at least the proper PIF was selected)... but again this can't be done on production in my case.
>>
>> It would be interesting to know (Cloudops and others) if you guys use the same physical network to carry guest private networks (vlans or vxlans?) AND these new vlans for PRIV.GTW. We use vxlans for guest traffic...
>>
>> Thanks Simon,
>>
>> Andrija
>>
>> On 3 May 2017 at 23:01, Simon Weller <swel...@ena.com> wrote:
>>
>>> Andrija,
>>>
>>> Do you have any network tagging setup for your vpc network offerings that correspond to your zone network tags?
>>>
>>> ________________________________
>>> From: Andrija Panic <andrija.pa...@gmail.com>
>>> Sent: Wednesday, May 3, 2017 3:46 PM
>>> To: us...@cloudstack.apache.org; dev@cloudstack.apache.org
>>> Subject: help/advise needed: Private gateway vs. new physical network issue
>>>
>>> Hi all,
>>>
>>> I'm trying to test Private Gateway on our production (actually on DEV first :) ) setup of ACS 4.5, but I'm hitting some strange issues during the actual creation of the PV GTW.
>>>
>>> My setup is the following:
>>>
>>> ACS 4.5, advanced zone KVM (ubuntu 14)
>>> mgmt network: KVM label/name: cloudbr0
>>> sec. stor. network: KVM label/name: cloudbr2
>>> guest network: KVM label/name: bond0.950 (we use vxlans, so this is appropriate...)
>>> public network: KVM label/name: cloudbr3
>>>
>>> This above is all fine, but when adding a PRIV.GTW, ACS tries to provision a new vlan interface (later with a bridge...) on top of the selected physical interface (from the list above) - which in my case is impossible, as it seems.
>>>
>>> So I decided to add an additional Physical Network (name: bond0), so I expect ACS will provision i.e. a bond0.999 vlan interface for one PRIV.GTW for testing purposes (vlan 999).
>>>
>>> PROBLEM:
>>> - in a running zone, I need to disable it, then I use CloudMonkey to add the network:
>>> * create physicalnetwork name=bond0 broadcastdomainrange=zone zoneid=d27f6354-a715-40c7-8322-a31091f97699 isolationmethod=vlan
>>> Afterwards I do enable the network: update physicalnetwork state=Enabled id=3424e392-e0a1-4c21-81d9-db69acbe6c8e
>>>
>>> The first command above does NOT update DB table cloud.physical_network_isolation_methods with a new record, so when you list the network it doesn't mention isolation_method.
>>> OK, I edit the DB directly, and create a new row referencing the new network by ID, with vlan set as the isolation method.
>>>
>>> BTW, table cloud.physical_network_traffic_types is not populated, which I assume is OK/good since I don't want any normal traffic (mgmt/guest/public/storage) to go over this physical net - but again this might be the root of the problems? Since the only guest network is on PIF bond0.950.
>>>
>>> When I try to create the PRIV.GTW, ACS does some magic, and again tries to provision the vlan 999 interface (example vlan from above) on bond0.950 (guest network) (bond0.950.999).
>>>
>>> I checked the logs (attached below) and it does try to provision the GTW on the new physical network really.
>>>
>>> I'm assuming that maybe since no values for the new bond0 network inside table cloud.physical_network_traffic_types are populated, ACS then falls back to the only available guest network, and that is bond0.950 - also I recall we need to define the KVM label so ACS will actually know which interface to use... (which is missing from the DB for the new bond0 network, as explained...)
>>>
>>> I checked the logs, and didn't see any interesting stuff really (perhaps I'm missing something...)
>>>
>>> https://pastebin.com/MZXrK31M
>>> PRIV.GTW created on wrong PIF - Pastebin.com
>>>
>>> I would really appreciate any help, since I don't know which direction to go now...
>>>
>>> --
>>>
>>> Andrija Panić
>>
>> --
>>
>> Andrija Panić
>
> --
>
> Andrija Panić

--

Andrija Panić
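As an added worked example (not from the thread and not the CloudStack project's own code), the DB-side steps from the message at the top, expressed as SQL against the `cloud` schema, followed by a check query to confirm which physical network each isolation method, traffic type and tag now points at. The column names (physical_network_id, isolation_method, traffic_type, kvm_network_label, physical_network_tags.tag, network_offerings.name/tags) are from my recollection of the 4.x schema, so verify them with SHOW CREATE TABLE first; the numeric ids 201/202, the data_center_id and the tag values 'vxlan-guest' / 'pgw-vlan' are placeholders.

```sql
-- Added example, not from the thread or the CloudStack project.
-- Run against a stopped management server and a fresh DB backup.
-- Assumptions: existing guest physical network (KVM label bond0.950) has
-- id 201; the new "bond0" physical network created via CloudMonkey has
-- id 202; both live in data_center_id 1. Look the ids up, never guess them:
SELECT id, uuid, name, state FROM cloud.physical_networks WHERE data_center_id = 1;

START TRANSACTION;

-- Step: record VLAN as the isolation method of the new physical network
-- (the thread found createPhysicalNetwork had not written this row).
INSERT INTO cloud.physical_network_isolation_methods (physical_network_id, isolation_method)
VALUES (202, 'VLAN');

-- Step: a second Guest traffic type on the new network, cloned from the
-- existing Guest row of network 201 with a fresh uuid and the new KVM label.
INSERT INTO cloud.physical_network_traffic_types
       (uuid, physical_network_id, traffic_type, kvm_network_label)
SELECT UUID(), 202, traffic_type, 'bond0'
FROM   cloud.physical_network_traffic_types
WHERE  physical_network_id = 201 AND traffic_type = 'Guest';

-- Step: tag both guest physical networks so an offering selects one explicitly.
-- (The thread did this in the GUI; table name physical_network_tags is assumed.)
INSERT INTO cloud.physical_network_tags (physical_network_id, tag) VALUES (201, 'vxlan-guest');
INSERT INTO cloud.physical_network_tags (physical_network_id, tag) VALUES (202, 'pgw-vlan');

-- Step: the system offering behind VPC private gateways must carry the tag
-- of the bond0 network, otherwise the gateway VLAN lands on the other guest PIF.
UPDATE cloud.network_offerings
SET    tags = 'pgw-vlan'
WHERE  name = 'System-Private-Gateway-Network-Offering';

-- Check before committing: every physical network with its isolation method,
-- traffic types, KVM labels and tags on one row per combination.
SELECT pn.id, pn.name, pim.isolation_method,
       ptt.traffic_type, ptt.kvm_network_label, pt.tag
FROM   cloud.physical_networks pn
LEFT JOIN cloud.physical_network_isolation_methods pim ON pim.physical_network_id = pn.id
LEFT JOIN cloud.physical_network_traffic_types     ptt ON ptt.physical_network_id = pn.id
LEFT JOIN cloud.physical_network_tags              pt  ON pt.physical_network_id  = pn.id
WHERE  pn.data_center_id = 1
ORDER BY pn.id, ptt.traffic_type;

-- And which offerings now point at which tag (regular guest offerings should
-- still carry the vxlan tag, or no tag at all, after this change).
SELECT id, name, traffic_type, system_only, tags
FROM   cloud.network_offerings
WHERE  traffic_type = 'Guest' AND removed IS NULL
ORDER BY system_only DESC, id;

-- COMMIT only if the two result sets show 202 -> VLAN / Guest / bond0 / pgw-vlan
-- and the private gateway offering tagged pgw-vlan; otherwise ROLLBACK.
COMMIT;
```

Two caveats worth knowing before reaching for the DB at all: the createPhysicalNetwork API defines the isolation method parameter as the list `isolationmethods` (plural), not the `isolationmethod` used in the thread's CloudMonkey command, and the supported way to attach a Guest traffic type with a KVM label to an existing physical network is the addTrafficType API (traffictype=Guest kvmnetworklabel=bond0) rather than a cloned row in physical_network_traffic_types. Whichever route is taken, the final SELECTs above are the check that the gateway VLAN will be created on the intended PIF.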