Tuesday, February 26, 2013

ApacheCon LiveBlog: CloudStack Top 10 Network Issues

This is a live blog from ApacheCon that I'm attending this week.  This session is by Kirk Kosinski.

Usual Live Blog Disclaimer: This is more of a brain dump typing as fast as I can, please excuse typos, format, and coherent thought process in general.

  • Kirk was an original cloud.com support engineer so he has seen a LOT over the years
  • # 1 Issue - VLANS! - biggest single reason for issues in CloudStack, check switch misconfiguration (Are all VLANs trunked by default?)
    • Does DHCP work for a certain number of the VMs? Lead indicator of this problem, vm's are running on the same host but the VLANs are messed up
    • So many reasons why VLANs could be a problem, this can be very hard to troubleshoot depending on the complexity of your environment (firewalls, layers of switches, etc)
  • #2 - Hypervisor problems - mostly network related again - NIC drivers, bonding (especially Xen), cabling, etc.
    • don't try to manually hack your management server database!
  • #3 Open vSwitch on XenServer - It is the default now. Make sure you run the latest patches!
  • #4 Security Groups - KVM, works out of the box most of the time, Xen, must enable Linux bridge back-end, must install Cloud Supplemental Pack (XS < 6.1), doesn't work on vSphere currently
  • #5 Host Connectivity - between hypervisors to system vm's and secondary storage
  • #6 CloudStack "Physical Networks" - not necessarily "physical", traffic labels - multiple NICS, etc.
  • #7 Console Proxy virtual machine - Connectivity from management server to end users web browser
    • check realhostip.com connection, check SSL cert status
  • #8 Templates - was it eth0 and you are now using eth1?, sysprep for Windows errors
  • #9 Password Reset Feature - reset script problems, check DHCP client & version
    • Daemon Problems - check 8080/tcp on virtual router (socat process, stop and restart)
  • #10 User and Meta-Data - Start/Stop vm, Start/Stop virtual router, Destroy/Recreate virtual router, check management-server.log

No comments: