VCFA Regional Networking creation fails with error about overlapping Private VPC IP CIDR
Article ID: 438574

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

When creating Regional Networking for an organization in VCF Automation, the task fails with a BAD_REQUEST error indicating a CIDR overlap.

This occurs when the Private VPC CIDR 172.30.0.0/16 conflicts with another IP block.

The following error message is observed in the UI or logs:

{error_message=VPC path=[/orgs/default/projects/<UUID>/vpcs/<ORG>-default-vpc] private IP CIDR 172.30.0.0/16 overlaps with external IP block CIDR 172.30.##.0/##., httpStatus=BAD_REQUEST, error_code=610773, module_name=policy}, errorType = INVALID_REQUEST

Environment

VMware Cloud Foundation Automation (VCFA) 9.0.x

Cause

The Private VPC CIDR cannot be updated via the Graphical User Interface (GUI) in VCFA 9.0.x.

If the default CIDR range overlaps with existing customer public IP blocks, the Regional Networking creation will fail.

Resolution

To resolve this issue, you must update the VPC CIDR using the VCFA REST API.

  1. First, take an SFTP backup of the Automation component in VCF Operations.
  2. Delete the failed Regional Networking instance.
  3. Open a terminal and run the following commands to update the VPC CIDR. Replace the placeholders (<...>) with your environment-specific details:

    # Connection details for the VCFA provider API
    export VCFA_HOST='<VCFA_HOST>'
    export ADMIN_USER='<ADMIN_USERNAME>'
    export ADMIN_PASS='<ADMIN_PASSWORD>'
    # Change this to a CIDR that doesn't overlap with the customer's public IP CIDR, e.g. 172.21.0.0/16
    export NEW_PRIVATE_VPC_CIDR='<NEW_CIDR>'

    # Open a provider session; the access token is returned in a response header,
    # so -D - dumps the headers to stdout together with the body
    RESPONSE=$(curl -k -sS -D - --request POST \
      "https://${VCFA_HOST}/cloudapi/1.0.0/sessions/provider" \
      --header "Accept: application/json;version=40.0" \
      --user "${ADMIN_USER}@system:${ADMIN_PASS}")

    # Extract the bearer token from the X-VMWARE-VCLOUD-ACCESS-TOKEN header (strip the CR)
    TOKEN=$(printf '%s\n' "$RESPONSE" | grep -i '^x-vmware-vcloud-access-token:' | tr -d '\r' | awk '{print $2}')
    if [ -z "$TOKEN" ]; then
      echo "Login failed: no access token in response" >&2
      exit 1
    fi

    # Update the site-level default Private VPC subnet CIDR used by Regional Networking
    curl -k --request PUT \
      --url "https://${VCFA_HOST}/cloudapi/1.0.0/site/configurations/urn:vcloud:configuration:networking.regionalNetworkingDefaultVpcPrivateSubnetCidr" \
      --header 'accept: application/json;version=40.0' \
      --header "authorization: Bearer ${TOKEN}" \
      --header 'content-type: application/json' \
      --data '{
      "name": "networking.regionalNetworkingDefaultVpcPrivateSubnetCidr",
      "typedValue": {
        "value": "'"${NEW_PRIVATE_VPC_CIDR}"'",
        "type": "StringEntry"
      }
    }'

Additional Information

Always ensure that the NEW_PRIVATE_VPC_CIDR provided in the API call does not overlap with any existing infrastructure or public IP blocks assigned to the project or site.
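Before running the PUT in the Resolution, it is worth confirming that the value chosen for NEW_PRIVATE_VPC_CIDR does not overlap any block already in use, which is exactly the condition that produced the error_code=610773 failure above. The following is an added example, not tooling from the KB article or from VCFA itself; the in-use CIDR list is constructed for the demo and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the KB article: check a candidate Private VPC CIDR
# against the CIDRs already in use before submitting it with the PUT above.
# Pure POSIX sh arithmetic; assumes a 64-bit shell (dash/bash on Linux).

# ip_to_int a.b.c.d -> the address as an unsigned 32-bit integer
ip_to_int() {
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# prefix_mask N -> netmask for prefix length N as an integer (N=0 -> 0)
prefix_mask() {
  if [ "$1" -eq 0 ]; then echo 0
  else echo $(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

# cidrs_overlap A/n B/m -> exit 0 if the two blocks share any address.
# Two blocks overlap iff they agree on the shorter of the two prefixes.
cidrs_overlap() {
  a=$(ip_to_int "${1%/*}"); n=${1#*/}
  b=$(ip_to_int "${2%/*}"); m=${2#*/}
  if [ "$n" -le "$m" ]; then len=$n; else len=$m; fi
  mask=$(prefix_mask "$len")
  [ $(( a & mask )) -eq $(( b & mask )) ]
}

# find_conflict CANDIDATE CIDR... -> prints the first overlapping CIDR, exit 1 if none
find_conflict() {
  candidate=$1; shift
  for cidr in "$@"; do
    if cidrs_overlap "$candidate" "$cidr"; then echo "$cidr"; return 0; fi
  done
  return 1
}

# Constructed inventory for the demo; replace with the external IP block /
# public IP CIDRs actually assigned to the project or site.
IN_USE_CIDRS="10.0.0.0/8 172.30.40.0/24 192.168.100.0/22"
NEW_PRIVATE_VPC_CIDR=${NEW_PRIVATE_VPC_CIDR:-172.21.0.0/16}

if conflict=$(find_conflict "$NEW_PRIVATE_VPC_CIDR" $IN_USE_CIDRS); then
  echo "Refusing $NEW_PRIVATE_VPC_CIDR: overlaps with $conflict" >&2
else
  echo "$NEW_PRIVATE_VPC_CIDR is free of the listed blocks; safe to submit"
fi
```

With the default 172.30.0.0/16 in place of 172.21.0.0/16 the script reports the conflict with 172.30.40.0/24, mirroring the overlap NSX rejected in the error message.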