NextEPC on OpenStack(Microstack) - openstack

I have an OpenStack (MicroStack) environment where I have an Ubuntu instance. The instance has both an internal and a floating IP. I installed NextEPC there and bound the MME to the internal IP. I have an eNB (hardware) where I set the floating IP as the MME address. But the connectivity is not getting established between the MME and the eNB. Is my configuration okay in this case? If not, what should I do? I would be happy to see the experts' suggestions.
N.B. eNB's and Instance's floating IPs are from same network.
A lot of thanks.

I have already come across this issue. All I needed was to add an SCTP security rule in the OpenStack environment. The protocol between eNB and MME is SCTP. By default there is no SCTP rule in the OpenStack security group.
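A command-line form of the fix described in the answer above, as an added example that is not part of the original post. It assumes the security group is named `default`, the eNB address is the constructed value 192.0.2.10, and S1AP uses its registered SCTP port 36412; the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: build (and optionally apply) an ingress SCTP rule for S1AP.
# Assumptions: security group "default", eNB at 192.0.2.10 (constructed),
# S1AP on its registered SCTP port 36412.
# The MicroStack snap exposes the client as microstack.openstack.
OPENSTACK_CLI="${OPENSTACK_CLI:-openstack}"

# Print the rule-creation command for one eNB address.
# Refuses an empty or world-open source so the MME is exposed to the eNB only.
s1ap_rule_cmd() {
    group="$1"; enb_cidr="$2"; port="${3:-36412}"
    case "$enb_cidr" in
        ""|0.0.0.0/0|::/0)
            echo "refusing world-open SCTP rule" >&2; return 1 ;;
        */*) ;;                               # already a CIDR
        *:*) enb_cidr="$enb_cidr/128" ;;      # bare IPv6 host
        *)   enb_cidr="$enb_cidr/32" ;;       # bare IPv4 host
    esac
    echo "$OPENSTACK_CLI security group rule create --ingress" \
         "--protocol sctp --dst-port $port --remote-ip $enb_cidr $group"
}

# Dry run by default; set APPLY=1 to execute and then list the SCTP rules.
apply_s1ap_rule() {
    cmd=$(s1ap_rule_cmd "$@") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        $cmd && $OPENSTACK_CLI security group rule list --protocol sctp "$1"
    else
        echo "$cmd"
    fi
}

apply_s1ap_rule default 192.0.2.10
```

The rule matches on the eNB's source address, so it applies whether the eNB reaches the MME through the floating IP or directly.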

Related

Share L2 network over L3 network with vxlan

I have a network problem that I can't solve. I have a server at Hetzner and a server at OVH, and I'm trying to use some OVH IPs on my Hetzner server and some Hetzner IPs on my OVH server, because I need flexibility in my network.
My VMs are on Proxmox. I created a VXLAN between the 2 servers and I bridge the VXLAN into the vmbr0 interface of Proxmox on one side, and it works, but OVH and Hetzner informed me that I was sending packets with the wrong MAC address, so I don't know what to do.
I'm really not an expert in computer networking.
Thank you in advance to all those who can help me.
VxLAN offers a lot of flexibility, however it might not be the best answer in this case. You may be better off using VPN tunnels between both cloud environments. That is, assuming you can have multiple VMs within the tenant on those providers, have them point their default gateways towards a VM within your control, and use that VM as a firewall/VPN concentrator. From there you can establish a S2S VPN between the cloud environments, and can NAT the traffic from your provider's WAN IP address to the appropriate host, whether locally, or at the remote environment.
If you must have L2 connectivity between your cloud environments, I can speak from experience only in a Juniper environment, and in that case we would place a vMX VM behind a vSRX VM. The vMX VM would act as the EVPN/VXLAN VTEP, and your VMs would set this as their default gateway. The vSRX would establish IPSEC S2S tunnels, through which data-center interconnect (DCI) traffic would flow. L2 traffic would flow through the vMX, where it would be encapsulated in a vxlan tunnel, which would route through the SRX, which would then encapsulate this in an encrypted IPSEC tunnel, before sending to the other data center. Details of this might be a little too complex for a stack exchange answer though.
Hope this helps point you in the right direction!

Proxmox IP is already in use (by pve itself)

I've run into a problem adding IPs to an SME server VM.
Determining if ip address xxx.xxx.xxx.xx is already in use for device eth3...
Error, some other host(mac address) aleady uses address xxx.xxx.xxx.xx.
Now, of course, I started looking at other servers hosted in Proxmox and outside of it as well, finding no other device using the IP addresses in question.
You could ping one of the addresses, but not the other.
More precisely I could ping the local address, but not the public one.
I realised that the device using the IPs is actually Proxmox itself. When I disabled the interfaces in the host (ifdown vmbr6) I could assign the address to the server in question after that.
The IPs are configured like this in the Proxmox network tab.
vmbr6 Linux Bridge enp5s0f0 xxx.xxx.xxx.xx 255.255.255.0
Now I might add that the SME server is being migrated using this guide:
https://www.caretech.io/2017/10/17/migrating-virtualbox-vdi-to-proxmox-ve-5/
Though I don't think it's related to the networking issue.
So steps that I've taken to try and fix the issue are:
Rebooted the SME server
Restarted the networking service on the SME server
Rebooted Proxmox
Removed network interfaces from the SME server
Changed the interface model from VirtIO to IntelE1000
Tried changing the MAC addresses
I've been battling this issue for 2 days and any and all help would be appreciated. Kind of in a hurry to migrate our services from VirtualBox to Proxmox.
Thank you.

Gcloud instance can't ping another one

I have 2 instances running on Compute engine, although the documentation says that I'm able to ping and establish a communication between these VMs I can't. I've tried the ping with VM name and ipv4 address. I also tried to configure new work-group for both VMs and nothing.
Here's the link: https://cloud.google.com/compute/docs/vm-ip-addresses
If you are communicating between instances in the same network, you
can send packets to an instance using the instance name, and the
network automatically resolves the name to the internal IP address of
the instance.
My VMs configuration:
Both are in the same network
I even turn off the firewalls
But no connection between at all.
Has anyone been through the same? Does someone know what is going on?
How do I solve this issue?
This is due to firewall rules. You need to add the allow-icmp network tag in the Network tags section of the instance's edit page.
You can create new Network tags to open up new ports/protocols in the VPC Network>Firewall rules section:
EDIT 1:
Please note that the 0.0.0.0/0 subnet used on the screenshot above opens up the ports to the entire internet and I only used it for demonstration purposes to avoid sharing my IPs. I would STRONGLY advise against using that subnet for firewall rules in a production environment. The internet is a dark and scary place.
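The tag-based rule from the answer above as gcloud commands, with the source range limited to an internal subnet instead of 0.0.0.0/0. This is an added example, not part of the original post; NETWORK, INSTANCE and ZONE are placeholders, the 10.10.0.0/24 range is an assumed internal subnet, and the helper name is hypothetical.

```shell
#!/bin/sh
# Added example: tag-scoped ICMP allow rule limited to an internal range.
# NETWORK, INSTANCE and ZONE are placeholders; 10.10.0.0/24 is a sample range.

# Print the two gcloud commands: the firewall rule bound to the allow-icmp
# tag, and the call that puts that tag on an instance.
icmp_rule_cmds() {
    network="$1"; src_range="$2"; instance="$3"; zone="$4"
    case "$src_range" in
        ""|0.0.0.0/0)
            echo "refusing internet-wide source range" >&2; return 1 ;;
    esac
    echo "gcloud compute firewall-rules create allow-icmp --network=$network" \
         "--direction=INGRESS --action=ALLOW --rules=icmp" \
         "--source-ranges=$src_range --target-tags=allow-icmp"
    echo "gcloud compute instances add-tags $instance --zone=$zone --tags=allow-icmp"
}

# Prints the commands for review; nothing is sent to the cloud.
icmp_rule_cmds NETWORK 10.10.0.0/24 INSTANCE ZONE
```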
This happens to us from time to time - suddenly our 2 instances cannot reach each other through API or even ping. Even though we haven't changed any firewall rules or anything. I guess it's some GCloud glitch.
Nothing we have tried works, except for restarting the instances, then everything works again. So, if anyone has the same, and nothing seems to help the issue, I suggest, as a last resort, to reboot the instances.
Each network in Google Compute Engine has its own firewall configuration which by default will block incoming traffic to your VM. See the firewall documentation to see how the default network is configured and how to apply similar rules to your custom network.
Be sure the firewall rules include the GCE subnet. In your case, it would mean that 10.10.0.0/24 has icmp allowed.
I'm not sure why the firewall rules apply within the network subnet, but apparently they do.
If you did not change the network and/or firewall rules and use the default network and firewall rules, then simply edit the hosts file (open hosts on all VMs, copy the hosts line for each VM and add it to all the other VMs) and then try ping. I have tried the same between three CentOS instances and it's working.
Make sure you restart the network on the VMs in order for it to work fine.
This helped me pretty well.

Cisco ASA public IP range

We are attempting to use a Cisco ASA as a VPN as well as forward traffic to two servers.
Our ISP has given us a range of IP addresses that are sequential.
154.223.252.146-149
default GW of 154.223.252.145, we're using netmask 255.255.255.240
We have the first of these, 154.223.252.146, assigned to the external interface on our ASA and it’s successfully hosting our VPN service. It works great.
The next and final goal is to have 154.223.252.147 forward https traffic to 10.1.90.40 and 154.223.252.148 forward https traffic to 10.1.94.40.
Our current blocker is our inability to get the outside interface of the ASA to respond to these IP addresses.
We’ve been able to use 154.223.252.146 to forward https traffic correctly. So we know that works.
I’ve plugged my laptop into the switch from our ISP and have successfully manually assigned 154.223.252.147 and 154.223.252.148 with the default gw of 154.223.252.145 and was happily connected. So we know the IP’s are there and available, we just need to convince the ASA to respond to them and use them to forward https.
We’ve tried plugging cables from the switch into other interfaces on the firewall. This failed because the netmask overlaps with our first outside interface 154.223.252.146 255.255.255.240, Cisco hates this and doesn’t allow it.
We’ve read documentation and have heard that it’s possible to assign a range of IPs to the outside interface by defining a vlan. We do not know how to successfully make this work and our attempts have failed.
What's the best way to accomplish this configuration with a Cisco ASA?
You don't need to assign multiple IPs from the same range to more than one interface. That doesn't work with Cisco. Instead try a static one to one NAT for your Web server and terminate your VPN traffic on the IP address assigned to the interface.
Watch this video for one to one NAT:
https://www.youtube.com/watch?v=cNaEsZSsxcg
Cisco has an active scanning technology that was enabled on this ASA. We were able to diagnose it by intermittent bad behavior. After troubleshooting long enough we realized that some of the behavior couldn't be consistent with the changes we were making. So we started looking for things that the firewall would be trying to do by itself. That ended up helping us narrow it down. Disabling active scanning allowed our external vlan configurations to work. Now moving on to tightening up the configs.

VPN Environment on non VLAN Networking in OpenStack

I have read the VPN ability of OpenStack here:
Cloudpipe – Per Project Vpns
One simple question: Is it possible to implement a VPN environment on a non-"VLAN Networking mode" (i.e. "Flat DHCP mode")?
So when I access through the OpenVPN client, I'll be 'placed' on my project/tenant network subnet. I got a fixed/private IP, i.e. 10.5.5.x/24.
I'm using OpenStack Grizzly with Quantum (Flat DHCP mode).
I haven't used this. But being aware of OpenStack networking, I can assure you that as long as your Cloudpipe instance has a floating IP associated (be it VLAN or flat mode), you can do this. I hope you had figured this out yourselves, as my answer comes too late. Stack Overflow seems to be slowly filling up with more OpenStack people only recently.
