Thanks for the quick response.
So far, I've only got 1 Organization an 1 Org vDC. I do see the network pool showing as 100% used. I did create an Org Network. So, I deleted the single vApp I created and the Org Network and now I see the network pool at 0% used. So, if I understand correctly, the Org Network was using the network pool? if that was the case, why couldn't I connect the vApp to it? And why was it telling me I was out of networks?
Thanks,
Scott
an org network is like a network that any VM/vApp can connect to.
if you make an org network, create a vApp and attach the VM directly to the org network.
However, if you only have 1 port group in the network pool ... you ONLY get 1 network (org or vapp) not both.
In almost every case I have seen, they don't use a Port Group Backed pool .... VXLAN or vCNI are the more common options. mostly since a single vLAN = 1000+ networks.
If you wanted a network to go to the "outside world" delete your network pool (unlink from the org vdc after all are deleted), create an external network in system (using the port group) ... make an external network in the organization linked to the one in system. then putting a VM on that network will put it directly into the outside network.
having a network pool could make an additional layer. like having a local network with a gateway to the outside world.
I have a solution.
A few things were wrong, but the change that finally fixed the issue was to correct the SSL certificates on the two ESX hosts. It seems that the dns names were not resolving properly when these hosts were installed, and the certificates did not have the correct hostnames in the CN entry of the SSL certificates.
Bringing each host out of vCenter, updating the SSL certs, rebooting, and re-adding to vCenter (and preparing and adding into vCD) seemed to fix all the issues. I consider it a possibility that the act of removing it completely and re-adding it could have actually been the fix, but the certificate theory seems more rational given the errors I was seeing the logs before.
OK. Thanks for the advice. I think that makes sense. I'll have to play around with this a bit more.
Hello Everyone,
I am running into a bit of a problem and just wondering if anyone has came across it and have a possible solution.
Here is my setup:
Cloud Director 5.1
8 x R710 hosts with Intel Xeon x5690 @3.47Ghz
4 x R720 hosts with Intel Xeon E5-2690v2 @3GHz (these are new hosts to be added)
One cluster for all 12 hosts
The problem I am seeing is that when a user deploy and new vApp and has no customization setting. They are force to reboot because the Windows is detecting new hardware since the last time it was deployed. This is because the new hosts have different CPU, RAM, and a lot of other things. This is causing a lot of problems to our automation process.
Is there a way to mask the VM's so that they can't see the changes in the hardware?
What are my options?
Thanks,
Ken
In this case you have to route two different subnet IP address.
Take care!
You should not blend hardware, especially between two very different generations of Intel hardware. you can try to enable EVC (enhanced vmotion compatibility) to mask out the extra features of the newer processors. I'm not sure how effective that will be.
However, we can't help if Windows detects new hardware since it's a different core architecture and may want to change accordingly.
I have EVC turned on and it does help with vMotion but not the problem I am seeing. I know ideally, you would have the same hardware in your cluster but when you are adding capacity, there isn't much that you can do because you can not buy old hardware any more.
Is it possible to have 2 different clusters and one resource pool for vCloud?
Thanks,
you can have an elastic provider, assuming you are using Pay-Go or Elastic Allocation Pools (enable it in general settings).
this means we'll deploy to one cluster until it's full, then overflow to the new cluster. you can also ask VMs to be moved from one resource pool to another.
To be able to do an elastic Provider, I think you need to use VXLAN to span the two clusters together.
more information on the requirements here
for the system that's not working, are you running Java 7 update 51? is it the 32bit version (required)? also check for duplicate plugins, supported browsers, etc.
Nobody has run a vulnerability scan on their vCD environment?
I don't have VCD Elastic turn on at the moment. I would imagine it's not just something that I can enable and add the new cluster in and not making major changes to the Provider VCD and causing an outage.
I have VXLAN setup and that takes care of that part. Having 2 clusters will reduce the inconsistency of where and when the VM's will land causing new hardware detection reboots.
I don't think our automation process will be able to detect which cluster to VM's are landing in and be able to deal with the reboots.
This solution worth considering... Thanks for the suggestion.
If you already have VXLAN enabled, you can split the 4 new hosts out to a new cluster ... verify VXLAN works, then add the additional resource pool to the provider. that's done for the elastic part.
when in elastic mode you'll have a 'primary' and multiple 'secondary' pools. from a programming perspective, it doesn't change ... since you target an Org vDC (not the pools/clusters which back them).
Great... Thanks for the information.
Hi,
Thanks for your investigation and sharing the solution! I'll follow up on creating a KB article.
Best Regards,
Andrii
Hi,
Thanks for your answer.
Is VMRC related to java ?
Anyway, i have tried with java using several updates (32 bits version), on several OS (win 2008 R2 - Win 7 all fresh installed) and several browsers (IE - Firefox) without any positive results.
Have you ever tried such kind of setup (contacting vcloud director from within vcloud director) ?
Can VMRC be impacted by natting ?
We have some templates in catalogs which randomly lose the "never expire" set on their lease. The global setting is set to never expire.
The templates don't actually expire but there is always only 1 hour left on the lease..
Going to the properties in the catalog it shows "Unable to perform this action. Contact your cloud administrator."
We cannot reset the lease, it never actually expires but we cannot deploy anything from these templates as that errors with "This operation is denied. Unable to perform this action. Contact your cloud administrator.". Nor can we delete, move, copy etc.
It's version 5.5 of VCD
Any ideas please ?
thanks
Niamh
Hello Gents.
Recently I've deployed vCloud Director/vShield infrastructure to utilize VXLAN functionality. The main purpose of activity was to create completly isolated ethernet domains across 2 VMWare ESXi 5.0 hosts w/o utilizing ttraditional VLAN. The reason why not to use VLAN is out of scope of this document. But in short there is limitation on VLAN usage on upstream N5K connecting these 2 hosts.
So I've deployed VXLAN using very clear document "VMware® VXLAN Deployment Guide". Finally I've obtained neccessary segments as shown in attach. Then I've reconnected relevant interfaces of POD's virtual appliances as consequently shown in attach. Topology in short is 2 sites connected via "Internet" as follows:
1) vA of Cisco CRS1K ("left") is connected by 2 uplink interfaces to isolated PG InsideSite1 (isolated sid 5004)
2) cluster of 2vA of Cisco ASA8.4(2) ("left") is connected by 1 downliks (each) to isolated PG InsideSite1
3) "left" ASAs (active and standby) is interconnected each to other for purpose of clustering with 2 links: ASA1-HA-Failover (sid 5000) and ASA1-HA-StatefulFailover (sid 5001)
4) vA of Cisco CRS1K ("right") is connected by 2 uplink interfaces to isolated PG InsideSite2 (isolated sid 5005)
5) cluster of 2vA of Cisco ASA8.4(2) ("right") is connected by 1 downliks (each) to isolated PG InsideSite2
6) "right" ASAs (active and standby) is interconnected each to other for purpose of clustering with 2 links: ASA2-HA-Failover (sid 5002) and ASA2-HA-StatefulFailover (sid 5003)
7) both "left" and "right" clusters has "internet" connectivity with the help of uplinks in (standard VLAN) distributed PGs similar to:
interface GigabitEthernet1.1071
vlan 1071
nameif OUTSIDE
security-level 0
ip address 10.255.71.1 255.255.255.0 standby 10.255.71.2
8) each device of the POD has management interface connected to specific (standard VLAN) management distributed PG
POD is operational and works as expected, EXCEPT:
I observe broadcast leaks between the "left" and "right" ASA's failover interfaces:
%ASA-4-405001: Received ARP request collision from 10.0.0.1/0050.5697.3340 on interface FAILOVER with existing ARP entry 10.0.0.1/0050.5697.1cd4
Moreover on INSIDE interfaces of ASAs I observe martian broadcasts from completely unknown devices which are absent in my datacenter:
%ASA-6-302015: Built inbound UDP connection 4781 for INSIDE:10.10.10.11/138 (10.10.10.11/138) to OUTSIDE:10.10.255.255/138 (10.10.255.255/138)
First, I dont understand HOW traffic can leak between completely isolated VXLANs as it exposed on ASA's Failover interface?
Second, HOW can martian traffic can enter in VXLAN? I must clarify that multicast groups I've utilized may not be dedicated exclusively to my POD, because there are a lot of different testers and developers in our LAB.
But VTEP on each of the datacenter hosts first looks at the encapsulation header and if the 24-bit value of VXLAN identifier matches with the logical Layer 2 network ID, it removes the encapsulation header and delivers the packet to the virtual machine, doesnt it?
I'll appreciate any help/explanation of described behavior
8) each device of the POD has management interface connected to specific (standard VLAN) management distributed PG
Hello Gents.
Odd bevavior of VXLAN is observed: upstream switch (where 2 VTEPs connected to) can learn MAC-addresses of VXLANed interfaces of VMs. If I understand VXLAN RFC correctly, upstream switch must learn only VTEP's MAC-adresses in VLAN-ID which is used as outer 802.1q tag while carrying VXLANed ethernet payload. But I also can see that upstream switch also learns inner MACs of encapsulated ethernet payload. Is there any explanation of this weird stuff?
Does anyone know of a way to run a OS script (.bat or perl) as soon as a VM is up and running in vCD? Can this be done with Standard vCD or is there another application with in the vCD Suite which can/does do this?
This would be a use case where we are attempting to automatically setup a test environment for developers or testers. Rather than have those users run the script, as soon as the VM is up and running, the script(s) would be run automatically.
Thanks!
Paul