look like: https://github.com/apache/cloudstack/issues/9920 or/and https://github.com/apache/cloudstack/issues/10659
Von: Jan Vöhringer via users <[email protected]> Datum: Mittwoch, 4. Februar 2026 um 15:27 An: [email protected] <[email protected]> Cc: Jan Vöhringer <[email protected]> Betreff: AW: VXLAN-EVPN Bridge Name and Traffic Labels Hi, i think i have a missconfiguration in the hypervisor or cloudstack network setup. i don’t get it yet, if i have to configure only the labels, VNI as vxlan://xxx or only the vni? # agent.log 2026-02-04 15:19:50,575 WARN [cloud.agent.Agent] (AgentRequest-Handler-2:[]) (logid:db4b4a31) Caught: java.lang.NullPointerException: Cannot invoke "java.net.URI.getScheme()" because "uri" is null at com.cloud.network.Networks$BroadcastDomainType.getSchemeValue(Networks.java:180) at com.cloud.network.Networks$BroadcastDomainType.getValue(Networks.java:234) at com.cloud.hypervisor.kvm.resource.BridgeVifDriver.plug(BridgeVifDriver.java:258) at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.createVif(LibvirtComputingResource.java:3816) at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.createVifs(LibvirtComputingResource.java:3395) at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtStartCommandWrapper.execute(LibvirtStartCommandWrapper.java:86) at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtStartCommandWrapper.execute(LibvirtStartCommandWrapper.java:52) at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtRequestWrapper.execute(LibvirtRequestWrapper.java:78) at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:2240) at com.cloud.agent.Agent.processRequest(Agent.java:813) at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:1295) at com.cloud.utils.nio.Task.call(Task.java:83) at com.cloud.utils.nio.Task.call(Task.java:29) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) #server.log 2026-02-04 15:19:54,532 DEBUG [c.c.c.ClusterManagerImpl] (Cluster-Worker-1:[ctx-7e3fcb09]) (logid:df2760cd) Cluster PDU 60642730048 -> 60642730048. agent: 0, pdu seq: 344, pdu ack seq: 0, json: {"managementServerHostId":1,"managementServerHostUuid":"16e35d78-6374-47a0-a1b0-4634fdb744e8","managementServerRunId":1770194189343,"collectionTime":"Feb 4, 2026, 3:19:54 PM","sessions":1,"cpuUtilization":0.0,"totalJvmMemoryBytes":840957952,"freeJvmMemoryBytes":117792376,"maxJvmMemoryBytes":1908932607,"processJvmMemoryBytes":0,"jvmUptime":20628677,"jvmStartTime":1770194165702,"availableProcessors":32,"loadAverage":1.49,"totalInit":2155151360,"totalUsed":991749344,"totalCommitted":1115422720,"pid":293416,"jvmName":"293416@kvm01","jvmVendor":"Red Hat, Inc.","jvmVersion":"17.0.17+10-LTS","osDistribution":"AlmaLinux 9.7 (Moss Jungle Cat)","lastAgents":[],"agents":["f9e7dc26-4e18-4d59-9d00-5bd5325dd903"],"agentCount":1,"heapMemoryUsed":726020256,"heapMemoryTotal":1908932608,"threadsBlockedCount":0,"threadsDaemonCount":18,"threadsRunnableCount":24,"threadsTerminatedCount":0,"threadsTotalCount":400,"threadsWaitingCount":293,"systemMemoryTotal":269865910272,"systemMemoryFree":247759982592,"systemMemoryUsed":1849740,"systemMemoryVirtualSize":21610323968,"logInfo":"","systemTotalCpuCycles":60403.61999999999,"systemLoadAverages":[1.49,1.51,1.44],"systemCyclesUsage":[14800115,8539954,3830617237],"dbLocal":false,"usageLocal":false,"systemBootTime":"Jan 21, 2026, 10:06:10 AM","kernelVersion":"5.14.0-611.16.1.el9_7.x86_64"} 2026-02-04 15:19:54,532 DEBUG [c.c.c.ClusterServiceServletImpl] (Cluster-Worker-1:[ctx-7e3fcb09]) (logid:df2760cd) Executing ClusterServicePdu with service URL: https://10.10.28.101:9090/clusterservice 2026-02-04 15:19:54,536 ERROR [c.c.c.ClusterServiceServletImpl] (Cluster-Worker-1:[ctx-7e3fcb09]) (logid:df2760cd) Exception from : https://10.10.28.101:9090/clusterservice, method : null, exception : javax.net.ssl.SSLPeerUnverifiedException: Certificate for <10.10.28.101> doesn't match any of the subject alternative names: [192.168.88.168, kvm01, cloudstack.internal] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at com.cloud.cluster.ClusterServiceServletImpl.executePostMethod(ClusterServiceServletImpl.java:143) at com.cloud.cluster.ClusterServiceServletImpl.execute(ClusterServiceServletImpl.java:106) at com.cloud.cluster.ClusterManagerImpl.onSendingClusterPdu(ClusterManagerImpl.java:279) at com.cloud.cluster.ClusterManagerImpl$1.runInContext(ClusterManagerImpl.java:239) at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) Best Regards, Jan Von: Jan Vöhringer via users <[email protected]> Datum: Mittwoch, 4. Februar 2026 um 11:09 An: [email protected] <[email protected]> Cc: Jan Vöhringer <[email protected]> Betreff: AW: AW: AW: VXLAN-EVPN Bridge Name and Traffic Labels Hi, yes, i create the the VXLAN Interfaces first, then install Cloudstack. * vxlan1026 on bridge brdrbd1 * vxlan1028 on bridge brcsmm1 i think those are good. the consoleproxy vm is now up. but the secondarystoragevm still failing. # Physical Network Isolation Method: VXLAN VLAN/VNI: 200-299 Traffic Type: Guest, Management, Public, Storage Range: Zone ## Traffic Types (Here i don’t know if i have to setup a Label) # Guest Network Label: „Use default gateway“ # Management (Should be native on preconfigured Bridge brcsmm1) Network Label: brcsmm1 Pod1 VLAN/VNI: vlan://untagged # Public (Here i don’t know if i have to setup a Label, and/or VNI) Network Label: „Use default gateway“ VLAN/VNI: vxlan://896 # Storage (Should be native on preconfigured Bridge brdrbd1) Network Label: brdrbd1 Pod1: no VLAN/VNI Interfaces: * lo * eno1 * eno2 * eno3 * eno4 * brdrbd1 * vxlan1026 * brcsmm1 * vxlan1028 * CS vnet1 (why?) * CS cloud0 (guest?) * CS vnet0 (why?) * CS brvx-896 (public?) * CS vnet2 (why?) * CS vxlan896 All interfaces in the list starting with CS are created by cloudstack. Best Regards, Jan Von: Júlíus Þór Bess <[email protected]> Datum: Dienstag, 3. Februar 2026 um 18:47 An: [email protected] <[email protected]> Betreff: Re: AW: AW: VXLAN-EVPN Bridge Name and Traffic Labels Also, please show the output of: /ip -d link show dev vxlan1026/ Did you create that vxlan interface before installing cloudstack? On 2/3/26 2:30 PM, Jan Vöhringer via users wrote: > Hi, > > the vlan script will be executed because in the wizard i used only the > number, without vxlan:// prefix. > If no Prefix is given, VLAN will be used. I thought, if i choose type VXLAN, > the VNI will be used and not the VLAN-ID. (CloudStack 4.21.0.0 ) > > Because of that, I’m a step further now, but i don’t know how to use the > Pubic and Guest Traffic as VXLAN on a bridge (without an IP for the > Hypervisor) > Should the Guest and Traffic also have a label and/or an VNI (or should i > create a dedicated bridge for Guest and Public)? > > brvx is down until a VXLAN sub-interface is added… > > > [root@kvm01 ~]# brctl show > bridge name bridge id STP enabled interfaces > brcsmm1 8000.4ee1bcb57803 no vxlan1028 > brdrbd1 8000.f6bdcd5a28d2 no vxlan1026 > brvx 8000.000000000000 no > > [root@kvm01 ~]# ip -br link show > lo UNKNOWN 00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> > eno1 UP 00:0e:1e:96:a0:40 > <BROADCAST,MULTICAST,UP,LOWER_UP> > eno2 UP 00:0e:1e:96:a0:42 > <BROADCAST,MULTICAST,UP,LOWER_UP> > eno3 UP 00:0e:1e:96:a0:44 > <BROADCAST,MULTICAST,UP,LOWER_UP> > eno4 UP 00:0e:1e:96:a0:46 > <BROADCAST,MULTICAST,UP,LOWER_UP> > brdrbd1 UP f6:bd:cd:5a:28:d2 > <BROADCAST,MULTICAST,UP,LOWER_UP> > vxlan1026 UNKNOWN f6:bd:cd:5a:28:d2 > <BROADCAST,MULTICAST,UP,LOWER_UP> > brcsmm1 UP 4e:e1:bc:b5:78:03 > <BROADCAST,MULTICAST,UP,LOWER_UP> > vxlan1028 UNKNOWN 4e:e1:bc:b5:78:03 > <BROADCAST,MULTICAST,UP,LOWER_UP> > brvx DOWN 00:00:00:00:00:00 > <NO-CARRIER,BROADCAST,MULTICAST,UP> > > Jan > > > Von: Júlíus Þór Bess<[email protected]> > Datum: Dienstag, 3. Februar 2026 um 14:20 > An:[email protected] <[email protected]> > Betreff: Re: AW: VXLAN-EVPN Bridge Name and Traffic Labels > > Hi, > > Please show the output of "brctl show" and "ip -br link show" > > I suspect the GUEST network is inheriting brcsmm1 from Management since > GUEST is not assigned a label. > > > On 2/3/26 6:31 AM, Jan Vöhringer via users wrote: >> Hi Júlíus, >> >> thank you for your message. >> >> i’ve created again a new zone (new DB from scratch) and do following traffic >> tags: >> >> Physical Network 1, Isolation Method: VXLAN >> >> * >> GUEST (without Label) >> * >> MANAGEMENT (brcsmm1) >> * >> PUBLIC (without Label) >> * >> STORAGE (brdrbd1) >> >> log show: Error: argument "brvxlan1028-1096" is wrong: "name" not a valid >> ifname Failed to create br: brvxlan1028-1096 >> >> Failed to create vnet 1096: Error: argument "brvxlan1028-1096" is wrong: >> "name" not a valid >> ifname/usr/share/cloudstack-common/scripts/vm/network/vnet/modifyvlan.sh: >> line 59: /proc/sys/net/ipv6/conf/brvxlan1028-1096/disable_ipv6: No such file >> or directoryCannot find device "brvxlan1028-1096"Failed to create br: >> brvxlan1028-1096 >> >> brvxlan1028-1096 - don’t know why this is used or created, brvxlan1028 is >> brcsmm1 with subinterface vxlan1028 >> 1096 is my public guest Network, but i didn’t used it in the wizard. >> >> and i can’t explain why still modifyvlan instead of modifyvxlan is used. >> Maybe if NO Traffic Label is set, it uses modifyvlan? >> >> Best Regards, >> Jan >> >> >> Von: Júlíus Þór Bess<[email protected]> >> Datum: Montag, 2. Februar 2026 um 18:10 >> An:[email protected] <[email protected]> >> Betreff: Re: VXLAN-EVPN Bridge Name and Traffic Labels >> >> Hi Jan, >> >> Max ifname length is 15 characters, so yes. The ifname of >> brvxlan1028-1096 is too long. >> >> Did you replace the modify-vxlan.sh with the EVPN-VXLAN version? >> Otherwise you're using the multicast version. >> >> I also notice that the modifyvlan.sh (notice vlan, not vxlan) is >> executing and trying to create a VLAN on a traditional bridge... That's >> probably not what you want. What should happen is that modifyvxlan.sh >> should have created another bridge named brvx1096 which should have a >> bridge slave of vxlan1096. Names might not be entirely correct but you >> probably get what I mean. >> >> On 2/2/26 4:56 PM, Jan V�hringer via users wrote: >>> Hi Cloudstack Community, >>> >>> i have trouble with the Zone/Welcome Wizard in Cloudstack - the System >>> VMs are in a deployment/reboot loop. >>> Maybe because of the wrong or too long Bridge Name for VXLAN with EVPN. >>> >>> * >>> Setup modify sh for VXLAN with EVPN >>> * >>> The Hosts have two physical NICs: >>> o >>> eno1 = Transfer LAN-1 OSPF 172.16.11.2/30 >>> o >>> eno2 = Transfer LAN-2 OSPF 172.16.12.2/30 >>> o >>> lo = Loopback for BGP with EVPN 10.1.0.1/32 >>> o >>> brdrbd1 = Bridge for DRBD / Linstor Traffic 10.10.26.101 /24 >>> + >>> vxlan1026 as Subinterface, added by NMCLI >>> o >>> brcsmm1 = Bridge for Cloudstack Management Traffic >>> 10.10.28.101 /24 >>> + >>> vxlan1028 as Subinterface, added by NMCLI >>> >>> >>> i’m looking for „normal“ VXLAN Bridges like brvxlan2001 for example >>> customer1... >>> >>> After the Wizard completes, the Systems VMs are permanently >>> rebooted/deployed. And the Wizard create following Interfaces: cloud0 >>> and vxlan1028.1096@vxlan1028 >>> >>> Log Show (1096 should be the public VXLAN): >>> "“result”:“false”,“details”:“Failed to create vnet 1096: Error: >>> argument \"brvxlan1028-1096\" is wrong: \"name\" not a valid ifname... >>> Cannot find device \"brvxlan1028-1096\" Failed to create br: >>> brvxlan1028-1096” >>> Failed to create vnet 1096: Error: argument "brvxlan1028-1096" is >>> wrong: "name" not a valid >>> ifname/usr/share/cloudstack-common/scripts/vm/network/vnet/modifyvlan.sh: >>> line 59: /proc/sys/net/ >>> ipv6/conf/brvxlan1028-1096/disable_ipv6: No such file or >>> directoryCannot find device "brvxlan1028-1096"Failed to create br: >>> brvxlan1028-1096 >>> >>> >>> i’ve following setups without success: >>> SCR-20260129-kvah.png >>> and >>> image.png >>> >>> have someone a idea how to create the Interfaces and Traffic Types? >>> >>> Best Regards, >>> Jan
