Hi CS-Community, thank you guys - now the system vms are up.
To use a dedicated (already configured) VXLAN Bridge for Management and Storage, set the Labels on the Networks in Cloudstack. (Labels = Bridgename) VLAN/VNI is empty/not set in the Wizard, because VXLAN Interface already configured as Subinterface. IP Addresses are set on the Bridges (Not Subinterfaces). For Guest and Public, i want to use VXLAN from Cloudstack. So you don’t have to create any Interface/Bridge. I’ve set no Label on Guest and Public. But i defined a vxlan://VNI for the Public Network. First, the consoleproxy won’t get the configuration from the Management, because the wrong „Host“ and „Management Network CIDR“ in the Global Settings are wrong. (System VM can’t Reach CS Management) Second, the secondarystoragevm won’t boot, because of: https://github.com/apache/cloudstack/pull/11557#issuecomment-3284301555 Now i’m ready to play with VXLAN -Guest and -Public Networks 😊 Interface Summary: # System Interfaces lo = Loopback for VTEP 10.1.0.1/32 (BGP with EVPN) eno1 = OSPF Interface1-to-Leaf1 172.16.11.2/30 eno1 = OSPF Interface2-to-Leaf2 172.16.12.2/30 # Created Interfaces brdrbd1 = Storage/DRBD Bridge: 10.10.26.101/24 vxlan1026 = VXLAN/VNI Subinterface of brdrbd1 brcsmm1 = Cloudstack Management Bridge: 10.10.28.101/24 vxlan1028 = VXLAN/VNI Subinterface of brcsmm1 # by Cloudstack Created Interfaces cloud0 = Internal Communication 169… brvx-896 = Public Bridge with vxlan896 as subinterface # Cloudstack Wizard: Physical Network Isolation Method: VXLAN - VLAN/VNI: 200-299 Traffic Type Guest: no Label, no VLAN/VNI (currently) Traffic Type Management: Label: brcsmm1, vlan://untagged Traffic Type Public: no Label, vxlan://896 Traffic Type Storage: Label: brdrbd1, no VLAN/VNI set. Best Regards! Von: Jan Vöhringer via users <[email protected]> Datum: Mittwoch, 4. Februar 2026 um 16:23 An: [email protected] <[email protected]> Cc: Jan Vöhringer <[email protected]> Betreff: AW: VXLAN-EVPN Bridge Name and Traffic Labels look like: https://github.com/apache/cloudstack/issues/9920 or/and https://github.com/apache/cloudstack/issues/10659 Von: Jan Vöhringer via users <[email protected]> Datum: Mittwoch, 4. Februar 2026 um 15:27 An: [email protected] <[email protected]> Cc: Jan Vöhringer <[email protected]> Betreff: AW: VXLAN-EVPN Bridge Name and Traffic Labels Hi, i think i have a missconfiguration in the hypervisor or cloudstack network setup. i don’t get it yet, if i have to configure only the labels, VNI as vxlan://xxx or only the vni? # agent.log 2026-02-04 15:19:50,575 WARN [cloud.agent.Agent] (AgentRequest-Handler-2:[]) (logid:db4b4a31) Caught: java.lang.NullPointerException: Cannot invoke "java.net.URI.getScheme()" because "uri" is null at com.cloud.network.Networks$BroadcastDomainType.getSchemeValue(Networks.java:180) at com.cloud.network.Networks$BroadcastDomainType.getValue(Networks.java:234) at com.cloud.hypervisor.kvm.resource.BridgeVifDriver.plug(BridgeVifDriver.java:258) at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.createVif(LibvirtComputingResource.java:3816) at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.createVifs(LibvirtComputingResource.java:3395) at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtStartCommandWrapper.execute(LibvirtStartCommandWrapper.java:86) at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtStartCommandWrapper.execute(LibvirtStartCommandWrapper.java:52) at com.cloud.hypervisor.kvm.resource.wrapper.LibvirtRequestWrapper.execute(LibvirtRequestWrapper.java:78) at com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:2240) at com.cloud.agent.Agent.processRequest(Agent.java:813) at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:1295) at com.cloud.utils.nio.Task.call(Task.java:83) at com.cloud.utils.nio.Task.call(Task.java:29) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) #server.log 2026-02-04 15:19:54,532 DEBUG [c.c.c.ClusterManagerImpl] (Cluster-Worker-1:[ctx-7e3fcb09]) (logid:df2760cd) Cluster PDU 60642730048 -> 60642730048. agent: 0, pdu seq: 344, pdu ack seq: 0, json: {"managementServerHostId":1,"managementServerHostUuid":"16e35d78-6374-47a0-a1b0-4634fdb744e8","managementServerRunId":1770194189343,"collectionTime":"Feb 4, 2026, 3:19:54 PM","sessions":1,"cpuUtilization":0.0,"totalJvmMemoryBytes":840957952,"freeJvmMemoryBytes":117792376,"maxJvmMemoryBytes":1908932607,"processJvmMemoryBytes":0,"jvmUptime":20628677,"jvmStartTime":1770194165702,"availableProcessors":32,"loadAverage":1.49,"totalInit":2155151360,"totalUsed":991749344,"totalCommitted":1115422720,"pid":293416,"jvmName":"293416@kvm01","jvmVendor":"Red Hat, Inc.","jvmVersion":"17.0.17+10-LTS","osDistribution":"AlmaLinux 9.7 (Moss Jungle Cat)","lastAgents":[],"agents":["f9e7dc26-4e18-4d59-9d00-5bd5325dd903"],"agentCount":1,"heapMemoryUsed":726020256,"heapMemoryTotal":1908932608,"threadsBlockedCount":0,"threadsDaemonCount":18,"threadsRunnableCount":24,"threadsTerminatedCount":0,"threadsTotalCount":400,"threadsWaitingCount":293,"systemMemoryTotal":269865910272,"systemMemoryFree":247759982592,"systemMemoryUsed":1849740,"systemMemoryVirtualSize":21610323968,"logInfo":"","systemTotalCpuCycles":60403.61999999999,"systemLoadAverages":[1.49,1.51,1.44],"systemCyclesUsage":[14800115,8539954,3830617237],"dbLocal":false,"usageLocal":false,"systemBootTime":"Jan 21, 2026, 10:06:10 AM","kernelVersion":"5.14.0-611.16.1.el9_7.x86_64"} 2026-02-04 15:19:54,532 DEBUG [c.c.c.ClusterServiceServletImpl] (Cluster-Worker-1:[ctx-7e3fcb09]) (logid:df2760cd) Executing ClusterServicePdu with service URL: https://10.10.28.101:9090/clusterservice 2026-02-04 15:19:54,536 ERROR [c.c.c.ClusterServiceServletImpl] (Cluster-Worker-1:[ctx-7e3fcb09]) (logid:df2760cd) Exception from : https://10.10.28.101:9090/clusterservice, method : null, exception : javax.net.ssl.SSLPeerUnverifiedException: Certificate for <10.10.28.101> doesn't match any of the subject alternative names: [192.168.88.168, kvm01, cloudstack.internal] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at com.cloud.cluster.ClusterServiceServletImpl.executePostMethod(ClusterServiceServletImpl.java:143) at com.cloud.cluster.ClusterServiceServletImpl.execute(ClusterServiceServletImpl.java:106) at com.cloud.cluster.ClusterManagerImpl.onSendingClusterPdu(ClusterManagerImpl.java:279) at com.cloud.cluster.ClusterManagerImpl$1.runInContext(ClusterManagerImpl.java:239) at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) Best Regards, Jan Von: Jan Vöhringer via users <[email protected]> Datum: Mittwoch, 4. Februar 2026 um 11:09 An: [email protected] <[email protected]> Cc: Jan Vöhringer <[email protected]> Betreff: AW: AW: AW: VXLAN-EVPN Bridge Name and Traffic Labels Hi, yes, i create the the VXLAN Interfaces first, then install Cloudstack. * vxlan1026 on bridge brdrbd1 * vxlan1028 on bridge brcsmm1 i think those are good. the consoleproxy vm is now up. but the secondarystoragevm still failing. # Physical Network Isolation Method: VXLAN VLAN/VNI: 200-299 Traffic Type: Guest, Management, Public, Storage Range: Zone ## Traffic Types (Here i don’t know if i have to setup a Label) # Guest Network Label: „Use default gateway“ # Management (Should be native on preconfigured Bridge brcsmm1) Network Label: brcsmm1 Pod1 VLAN/VNI: vlan://untagged # Public (Here i don’t know if i have to setup a Label, and/or VNI) Network Label: „Use default gateway“ VLAN/VNI: vxlan://896 # Storage (Should be native on preconfigured Bridge brdrbd1) Network Label: brdrbd1 Pod1: no VLAN/VNI Interfaces: * lo * eno1 * eno2 * eno3 * eno4 * brdrbd1 * vxlan1026 * brcsmm1 * vxlan1028 * CS vnet1 (why?) * CS cloud0 (guest?) * CS vnet0 (why?) * CS brvx-896 (public?) * CS vnet2 (why?) * CS vxlan896 All interfaces in the list starting with CS are created by cloudstack. Best Regards, Jan Von: Júlíus Þór Bess <[email protected]> Datum: Dienstag, 3. Februar 2026 um 18:47 An: [email protected] <[email protected]> Betreff: Re: AW: AW: VXLAN-EVPN Bridge Name and Traffic Labels Also, please show the output of: /ip -d link show dev vxlan1026/ Did you create that vxlan interface before installing cloudstack? On 2/3/26 2:30 PM, Jan Vöhringer via users wrote: > Hi, > > the vlan script will be executed because in the wizard i used only the > number, without vxlan:// prefix. > If no Prefix is given, VLAN will be used. I thought, if i choose type VXLAN, > the VNI will be used and not the VLAN-ID. (CloudStack 4.21.0.0 ) > > Because of that, I’m a step further now, but i don’t know how to use the > Pubic and Guest Traffic as VXLAN on a bridge (without an IP for the > Hypervisor) > Should the Guest and Traffic also have a label and/or an VNI (or should i > create a dedicated bridge for Guest and Public)? > > brvx is down until a VXLAN sub-interface is added… > > > [root@kvm01 ~]# brctl show > bridge name bridge id STP enabled interfaces > brcsmm1 8000.4ee1bcb57803 no vxlan1028 > brdrbd1 8000.f6bdcd5a28d2 no vxlan1026 > brvx 8000.000000000000 no > > [root@kvm01 ~]# ip -br link show > lo UNKNOWN 00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> > eno1 UP 00:0e:1e:96:a0:40 > <BROADCAST,MULTICAST,UP,LOWER_UP> > eno2 UP 00:0e:1e:96:a0:42 > <BROADCAST,MULTICAST,UP,LOWER_UP> > eno3 UP 00:0e:1e:96:a0:44 > <BROADCAST,MULTICAST,UP,LOWER_UP> > eno4 UP 00:0e:1e:96:a0:46 > <BROADCAST,MULTICAST,UP,LOWER_UP> > brdrbd1 UP f6:bd:cd:5a:28:d2 > <BROADCAST,MULTICAST,UP,LOWER_UP> > vxlan1026 UNKNOWN f6:bd:cd:5a:28:d2 > <BROADCAST,MULTICAST,UP,LOWER_UP> > brcsmm1 UP 4e:e1:bc:b5:78:03 > <BROADCAST,MULTICAST,UP,LOWER_UP> > vxlan1028 UNKNOWN 4e:e1:bc:b5:78:03 > <BROADCAST,MULTICAST,UP,LOWER_UP> > brvx DOWN 00:00:00:00:00:00 > <NO-CARRIER,BROADCAST,MULTICAST,UP> > > Jan > > > Von: Júlíus Þór Bess<[email protected]> > Datum: Dienstag, 3. Februar 2026 um 14:20 > An:[email protected] <[email protected]> > Betreff: Re: AW: VXLAN-EVPN Bridge Name and Traffic Labels > > Hi, > > Please show the output of "brctl show" and "ip -br link show" > > I suspect the GUEST network is inheriting brcsmm1 from Management since > GUEST is not assigned a label. > > > On 2/3/26 6:31 AM, Jan Vöhringer via users wrote: >> Hi Júlíus, >> >> thank you for your message. >> >> i’ve created again a new zone (new DB from scratch) and do following traffic >> tags: >> >> Physical Network 1, Isolation Method: VXLAN >> >> * >> GUEST (without Label) >> * >> MANAGEMENT (brcsmm1) >> * >> PUBLIC (without Label) >> * >> STORAGE (brdrbd1) >> >> log show: Error: argument "brvxlan1028-1096" is wrong: "name" not a valid >> ifname Failed to create br: brvxlan1028-1096 >> >> Failed to create vnet 1096: Error: argument "brvxlan1028-1096" is wrong: >> "name" not a valid >> ifname/usr/share/cloudstack-common/scripts/vm/network/vnet/modifyvlan.sh: >> line 59: /proc/sys/net/ipv6/conf/brvxlan1028-1096/disable_ipv6: No such file >> or directoryCannot find device "brvxlan1028-1096"Failed to create br: >> brvxlan1028-1096 >> >> brvxlan1028-1096 - don’t know why this is used or created, brvxlan1028 is >> brcsmm1 with subinterface vxlan1028 >> 1096 is my public guest Network, but i didn’t used it in the wizard. >> >> and i can’t explain why still modifyvlan instead of modifyvxlan is used. >> Maybe if NO Traffic Label is set, it uses modifyvlan? >> >> Best Regards, >> Jan >> >> >> Von: Júlíus Þór Bess<[email protected]> >> Datum: Montag, 2. Februar 2026 um 18:10 >> An:[email protected] <[email protected]> >> Betreff: Re: VXLAN-EVPN Bridge Name and Traffic Labels >> >> Hi Jan, >> >> Max ifname length is 15 characters, so yes. The ifname of >> brvxlan1028-1096 is too long. >> >> Did you replace the modify-vxlan.sh with the EVPN-VXLAN version? >> Otherwise you're using the multicast version. >> >> I also notice that the modifyvlan.sh (notice vlan, not vxlan) is >> executing and trying to create a VLAN on a traditional bridge... That's >> probably not what you want. What should happen is that modifyvxlan.sh >> should have created another bridge named brvx1096 which should have a >> bridge slave of vxlan1096. Names might not be entirely correct but you >> probably get what I mean. >> >> On 2/2/26 4:56 PM, Jan V�hringer via users wrote: >>> Hi Cloudstack Community, >>> >>> i have trouble with the Zone/Welcome Wizard in Cloudstack - the System >>> VMs are in a deployment/reboot loop. >>> Maybe because of the wrong or too long Bridge Name for VXLAN with EVPN. >>> >>> * >>> Setup modify sh for VXLAN with EVPN >>> * >>> The Hosts have two physical NICs: >>> o >>> eno1 = Transfer LAN-1 OSPF 172.16.11.2/30 >>> o >>> eno2 = Transfer LAN-2 OSPF 172.16.12.2/30 >>> o >>> lo = Loopback for BGP with EVPN 10.1.0.1/32 >>> o >>> brdrbd1 = Bridge for DRBD / Linstor Traffic 10.10.26.101 /24 >>> + >>> vxlan1026 as Subinterface, added by NMCLI >>> o >>> brcsmm1 = Bridge for Cloudstack Management Traffic >>> 10.10.28.101 /24 >>> + >>> vxlan1028 as Subinterface, added by NMCLI >>> >>> >>> i’m looking for „normal“ VXLAN Bridges like brvxlan2001 for example >>> customer1... >>> >>> After the Wizard completes, the Systems VMs are permanently >>> rebooted/deployed. And the Wizard create following Interfaces: cloud0 >>> and vxlan1028.1096@vxlan1028 >>> >>> Log Show (1096 should be the public VXLAN): >>> "“result”:“false”,“details”:“Failed to create vnet 1096: Error: >>> argument \"brvxlan1028-1096\" is wrong: \"name\" not a valid ifname... >>> Cannot find device \"brvxlan1028-1096\" Failed to create br: >>> brvxlan1028-1096” >>> Failed to create vnet 1096: Error: argument "brvxlan1028-1096" is >>> wrong: "name" not a valid >>> ifname/usr/share/cloudstack-common/scripts/vm/network/vnet/modifyvlan.sh: >>> line 59: /proc/sys/net/ >>> ipv6/conf/brvxlan1028-1096/disable_ipv6: No such file or >>> directoryCannot find device "brvxlan1028-1096"Failed to create br: >>> brvxlan1028-1096 >>> >>> >>> i’ve following setups without success: >>> SCR-20260129-kvah.png >>> and >>> image.png >>> >>> have someone a idea how to create the Interfaces and Traffic Types? >>> >>> Best Regards, >>> Jan
