Resolving IP-Conflict Issues That Might Arise Due to IPAM Misconfiguration
search cancel

Resolving IP-Conflict Issues That Might Arise Due to IPAM Misconfiguration

book

Article ID: 406330

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

  • After migrating Virtual Services (VSes) to a new cloud, IPAM starts assigning duplicate IP addresses to VIPs, causing IP conflicts in the network.
  • As a result, there will be a traffic disruption for the users accessing the respective VSes 
  • For example, consider the following scenario:
    • The "Default-Cloud" is configured in the AVI system with the network "VIP-Test" on the subnet 192.168.1.0/24, set up to allocate IP addresses for VIPs.
    • An IPAM profile named "Test" is configured on this cloud, with the cloud type set to "Default-Cloud."
    • Later, the "Default-Cloud" is decommissioned, and a new vCenter cloud is added to the setup.
    • The new vCenter cloud uses the same network and subnet range as the old one and, therefore, discovers the network "VIP-Test" in the setup.
    • The same IPAM profile (where the cloud type is still set to "Default-Cloud") is mapped to the new vCenter cloud.
    • When a new VS is configured in the new cloud, 'VS VIP1' receives IP address 192.168.1.1(which is assigned from the old network)
    • Now, when the cloud type of the IPAM profile is modified to "vCenter", and when you create another VIP 'VS VIP2' the IP address 192.168.1.1 is assigned again(this time from the network range of the new cloud). This results in duplicate IP assignments, causing IP conflicts in the network.

Environment

  • VMware Avi Load Balancer

Cause

  • Even though the new Virtual Services are placed in the new vCenter cloud, the IPAM system continues to assign IP addresses from the old network due to an IPAM misconfiguration.

Resolution

To resolve the issue, the following steps can be taken:

  1. Rename the Network on the previous cloud: The network from the Default-cloud "VIP-TEST" can be renamed to any other name. For example, "VIP-TEST-DELETE", effectively removing any confusion caused by the same network name being used in both the old and new clouds
  2. Updating the VIP Address Allocation Network: Manually edit the "VIP Address Allocation Network" of the existing VS VIPs. In this scenario, we edited the VS VIP1's VIP Address allocation Network to "VIP-Test" with subnet "192.168.1.0/24" and saved the config.
  3. Now, when you delete and create the VS VIP2, IP address 192.1.68.1.2 will be assigned, avoiding the Ip conflict problem.

To avoid similar issues in the future, it is crucial to ensure that the "ipam_network_subnet" for the VIP configuration is selected from the same cloud as the VIP. This misconfiguration, where the "ipam_network_subnet" points to a network in a different cloud, will be blocked in future releases. Before proceeding with VIP configuration and IP allocation, users must verify that the IPAM network is correctly associated with the appropriate cloud_type and network to avoid potential IP conflicts.

Powered by Wolken Software