01-31-2019 02:55 AM - edited 02-01-2019 01:00 AM
Hey folks,
I ran into a big problem with DCNM 11.
Situation:
I have two bare metal servers installed with DCNM as native-HA. Both have IP addresses for eth0 (management) and eth1 (Switch Management).
DCNM1 eth0 has 10.10.11.1/24
DCNM2 eth0 has 10.10.11.2/24
DCNM VIP has 10.10.11.3/24
Our Radius Server has 172.17.0.100/16
Problem:
If I configure the AAA Radius Server and test the authentication, no packets are leaving the DCNM. If I configure LDAP (10.10.20.1/24), packets are leaving DCNM.
Reason:
DCNM has two virtual network adapters named "docker0" and "docker_gwbridge". The IP address of "docker0" is 172.17.0.1/16. This is the reason why my RADIUS requests are not going out of the DCNM. They are routed internally. Does anyone have a solution for that problem? It would be nice if you could configure both networks in setup, too.
DCNM routing table:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    0      0        0 eth0
10.10.11.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.10.99.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1007   0        0 eth1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker_gwbridge
Best regards
/Hugo
02-01-2019 12:00 AM
As a workaround, I configured a script on both servers to add a host route. This works for me, but a general solution would be preferred. Configuring the route only with "route add...." adds a temporary route. After rebooting the server, the route is deleted. This is why I add the route in the script.
[root@dcnm01 ~]# vi /etc/rc.local
insert: "/sbin/ip route add 172.17.0.100/32 via 10.10.11.254 dev eth0"
[root@dcnm01 ~]# chmod +x /etc/rc.d/rc.local
[root@dcnm02 ~]# vi /etc/rc.local
insert: "/sbin/ip route add 172.17.0.100/32 via 10.10.11.254 dev eth0"
[root@dcnm02 ~]# chmod +x /etc/rc.d/rc.local
/Hugo
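The route selection described in the two posts above, as an added example that is not part of the original thread or of DCNM: a longest-prefix-match lookup over the posted routing table shows why the RADIUS server is captured by docker0 while LDAP leaves via eth0, and why the /32 host route wins. It assumes 10.10.11.254 (taken from the workaround command) is also the default gateway; the function names are hypothetical and the link-local routes are omitted.

```python
import ipaddress

# Routing table from the post as (prefix, gateway, interface).
# gateway=None means a directly connected network.
# Assumption: the default gateway is 10.10.11.254, as used in the workaround.
ROUTES = [
    ("0.0.0.0/0", "10.10.11.254", "eth0"),
    ("10.10.11.0/24", None, "eth0"),
    ("10.10.99.0/24", None, "eth1"),
    ("172.17.0.0/16", None, "docker0"),
    ("172.18.0.0/16", None, "docker_gwbridge"),
]
# Host-local bridges: traffic routed here never leaves the server.
LOCAL_BRIDGES = {"docker0", "docker_gwbridge"}

# AAA servers named in the thread, and the host route from the workaround.
AAA_SERVERS = {"radius": "172.17.0.100", "ldap": "10.10.20.1"}
HOST_ROUTE = ("172.17.0.100/32", "10.10.11.254", "eth0")


def lookup(dest, routes):
    """Return (network, gateway, iface) of the most specific matching route."""
    addr = ipaddress.ip_address(dest)
    matches = [
        (ipaddress.ip_network(prefix), gw, dev)
        for prefix, gw, dev in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None
    # Longest prefix wins, which is why a /32 overrides the docker0 /16.
    return max(matches, key=lambda r: r[0].prefixlen)


def shadowed_servers(servers, routes):
    """Map each server whose best route is a local bridge to that bridge."""
    shadowed = {}
    for name, ip in servers.items():
        best = lookup(ip, routes)
        if best and best[1] is None and best[2] in LOCAL_BRIDGES:
            shadowed[name] = best[2]
    return shadowed


if __name__ == "__main__":
    print("before host route:", shadowed_servers(AAA_SERVERS, ROUTES))
    print("after host route: ", shadowed_servers(AAA_SERVERS, ROUTES + [HOST_ROUTE]))
```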
02-07-2019 05:52 AM
The release notes of DCNM 11.1.1 said the bug is fixed, but it isn't.
Subnet 172.17 and 172.18/16 cannot be reached from DCNM
(https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk02433)
I installed DCNM 11.1.1 in native HA, same problem. Docker IP addresses are in subnet 172.17.0.0/16 and 172.18.0.0/16
/Danny