Azure virtual network - How to change localnetworksite address space? - azure

I need to change the address space prefix in my virtual network configuration. How can I do this?
<LocalNetworkSites>
  <LocalNetworkSite name="xxx-xxx-DC">
    <AddressSpace>
      <AddressPrefix>xx.xx.15.0/24</AddressPrefix>
      <AddressPrefix>xx.xx.67.0/24</AddressPrefix>
    </AddressSpace>
    <VPNGatewayAddress>xx.xxx.xx.xx</VPNGatewayAddress>
  </LocalNetworkSite>
</LocalNetworkSites>

Your extract shows the local network definition, whilst your question seems to refer to the virtual network itself, but actually it doesn't really matter as the answer is the same: you can't change the address space for either on a created network.
You will have to:
Export the configuration
Make the changes you require (make sure to change subnets as well)
Delete the network
Re-create the network by importing the modified configuration
Re-deploy your services

Yossi,
Is this a Microsoft-supported solution? The reason I ask is that apart from having to create the VMs, I also have to change the config on the local VPN side, as the IP address of the gateway and the shared key change. Fortunately I only have 3 VMs, but let's say I had 20; this would not be a sustainable solution at all.

I agree with user3120398 that this is not a viable and sustainable solution and it still seems to be modus operandi more than a year later :-(

Related

vSphere Cloud-Init not keeping the static IP

I'm getting odd behavior that I don't understand in dealing with vSphere and Terraform. My terraform code provisions a host in vSphere with a static network configuration (network, IP, mask, gateway, etc.), and on the first boot, it seems to be correct. The IP and relevant network settings are applied.
However on reboot, the network configuration falls back to DHCP, which fails.
I see in the /var/log/cloud-init.log file that on the first boot, it is able to successfully apply the config:
However after that, on reboot, it reverts to DHCP?
I noticed this issue when trying to bring up Consul on the host, and Consul complained that there wasn't an IPv4 address to bind to. So, when I rebooted, the IP was gone. So I don't think the address is applying correctly.
The terraform code works for DHCP-based networks, but for some reason when I apply static configurations, it applies it once and then doesn't seem to keep it.
Has anyone ever hit this or a similar issue?
Edit:
Troubleshooting further by reading the cloud-init debugs:
This is the first boot, which should be the base template.
The second boot, which should be the deployed host receiving the config from terraform -> cloud-init:
...it's a bug in vSphere.
https://kb.vmware.com/s/article/71264
Symptoms
Virtual Machine has cloud-init customization enabled and a static IP
After reboot the virtual machine is configured with DHCP
Cause
This issue occurs due to cloud-init considering the virtual machine as a new instance. This instance cannot retrieve data from the datasource when there is no customization, and will have DatasourceNone applied, defaulting to DHCP.
Resolution
Currently there is no resolution.
Workaround
To work around this issue apply one of the following workarounds:
Add the setting manual_cache_clean: True to the /etc/cloud/cloud.cfg for the customized virtual machine.
Uninstall cloud-init from the virtual machine

Setting up an environment for benchmarking XDP load balancer

I want to do benchmarking against XDP LBs which are deployed within virtual machines. Besides these LBs, there exists an ingress switch (also a VM) which helps split the traffic to each LB.
Is ECMP the most recommended way to be used within the ingress switch here? If it isn't, is there any better (or more appropriate) way for my scenario?
I was earlier using ECMP but it's somehow not forwarding traffic properly (tcpdump at another machine didn't sniff any packets coming out of it). I want to know whether this is a feasible way before doing any further checks against my ECMP configuration.
Any advice is appreciated!

Connecting between Azure VMs by name

I have two Azure Windows VMs on the same Vnet.
The second is a clone restored from a backup of the first, and I have changed its computer name, let's say I have called them vmOriginal (10.0.0.4) and vmClone (10.0.0.5).
I am testing communications between them using telnet to an open port on the other, as the simplest case.
This is successful in both directions using their local IP addresses.
vmOriginal can also telnet to vmClone by name.
But vmClone cannot telnet to vmOriginal by name (Could not open connection to the host, Connect failed).
How do I go about troubleshooting this?
Well, this is almost unbelievable. Turns out the problem was that the Computer Name was too long (the ones I used above were for clarity only).
For Azure VMs, the computer name must actually be a maximum of 12 characters (even though Windows allows 15 when you set it in the Control Panel).
There is no warning about this from Azure.
For vNet DNS, Azure adds a domain to the computer names that is 51 characters long, which I guess represents the local vNet. It looks something like:
rifmvhdprmqxsebj4n0m6vnd2d.qx.internal.cloudapp.net
Adding the separator dot, there are only 12 spare characters allowed for the computer name.
Any longer than that, and the total expression will exceed the 64 character limit of DNS entries, meaning the computer will not be found in DNS and cannot be referenced by name on the network.
There is a feedback submission here which explains this exact situation; it's the only thing I found after hours of searching that put me on the right track.
https://feedback.azure.com/forums/216843-virtual-machines/suggestions/10197480-the-azure-vm-internal-dns-domain-names-are-too-lon
I don't understand why this problem isn't more widely known. Or better still, alerted in the Azure portal.
Or best of all, as the responder above points out, it should not be allowed to happen at all.

Windows Active Directory Domain setup remotely through univention using samba4

I have a slight problem; a bit of the back story first. Recently I've been trying to test out Univention, which is a Linux distribution with the goal of being able to replace Microsoft Active Directory.
I tested it locally and all went reasonably well after a few minor issues. I then decided to test it remotely, as the company wants to allow remote users to access this, so I used myhyve.com to host it, and it's now been set up successfully and works reasonably well.
However, my main problem is DNS based, as when trying to connect to the domain the only way Windows will recognize it is by editing the network adapter and setting the IPv4 DNS server address to the IP address of the server hosting the Univention Active Directory replacement. Although this does allow everything to work, it's not ideal, and DNS lookups on the internet take considerably longer. I was wondering if anyone had any ideas, or has done something similar and encountered these problems before and knows a workaround. I want to avoid setting up a VPN if possible.
After initially registering the computer on the domain I am able to remove the DNS server address and just use a couple of amendments to the HOST file to keep it running, but this still leads to having issues connecting to the domain controller sometimes and is not ideal. Any ideas and suggestions would be greatly received.
Michael
For the HOST entries, the most likely issue is that there are several service records a computer in the domain needs. I'm not sure whether these can be provided via the HOST file or not, but you'll definitely have authentication issues if they are missing. To see the records your domain is using, issue the following command on the UCS system:
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
For the slow resolution of the DNS records there are several points where you could start looking. My first test would be whether or not you are using a forwarder for the web DNS requests and whether or not the forwarder is having a decent speed. To check if you are using one, type
ucr search dns/forwarder
If you get a valid IP for any of the UCR variables dns/forwarder1, dns/forwarder2 or dns/forwarder3, you are forwarding your DNS requests to a different server. If all of them are empty or not valid IPs, then your server is doing the resolution itself.
Not using a forwarder is often slow, as the DNS server's caching is optimized for the AD operations, like the round-robin load balancing. Likewise, a number of ISPs require you to use a forwarder to minimize the DNS traffic. You can simply define a forwarder using ucr; I use Google's IPv4 resolver for the example:
ucr set dns/forwarder1='8.8.8.8'
The other scenario might be a slow forwarder. To check it, try to query the forwarder directly using the following command:
dig univention.com @$(ucr get dns/forwarder1)
If it takes long, then there is nothing the UCS server can do, you'll simply have to choose a different forwarder from the ucr command above.
If neither of the above helps, the next step would be to check whether there are error messages for the named daemon in the syslog file. Normally these come when you are trying to manually remove software or if the firewall configuration got changed.
Kevin
Sponsored post, as I work for Univention North America, Inc.
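The forwarder checks in the answer above (read the dns/forwarderN UCR variables, keep only the ones holding a valid IP, then query each forwarder directly with dig and compare its reported query time) as one added script; it is not from the answer or from Univention. The UCR output format and the "<empty>" marker for unset variables are assumptions, and the sample output is constructed.

```python
import ipaddress
import re
import subprocess

# Constructed sample of "ucr search dns/forwarder" output. The "key: value" line
# followed by an indented description is assumed; "<empty>" marks an unset variable.
SAMPLE_UCR_OUTPUT = """dns/forwarder1: 8.8.8.8
 First external DNS server to forward to
dns/forwarder2: <empty>
 Second external DNS server to forward to
dns/forwarder3: not-an-ip
 Third external DNS server to forward to
"""

def configured_forwarders(ucr_output):
    """Return {variable: ip} for the dns/forwarderN values that are valid IPs.
    Anything else (<empty>, a hostname, a typo) means that slot is not forwarding."""
    found = {}
    for line in ucr_output.splitlines():
        m = re.match(r"^(dns/forwarder\d+):\s*(\S+)", line)
        if not m:
            continue
        try:
            found[m.group(1)] = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            pass
    return found

def parse_query_time_ms(dig_output):
    """Pull the round-trip time from the ';; Query time: N msec' line dig prints."""
    m = re.search(r"^;; Query time:\s*(\d+) msec", dig_output, re.M)
    return int(m.group(1)) if m else None

def time_forwarder(ip, name="univention.com", timeout=10):
    """Query the forwarder directly (dig @ip), bypassing the local named cache."""
    out = subprocess.run(["dig", f"@{ip}", name], capture_output=True,
                         text=True, timeout=timeout).stdout
    return parse_query_time_ms(out)

if __name__ == "__main__":
    # Live run on a UCS system: read the real UCR values and time each forwarder.
    live = subprocess.run(["ucr", "search", "dns/forwarder"],
                          capture_output=True, text=True).stdout
    for var, ip in configured_forwarders(live).items():
        print(f"{var} = {ip}: {time_forwarder(ip)} ms")
```

A forwarder that consistently reports a high query time (or no answer at all, returned here as None) is the one to replace with the ucr set command from the answer.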

How to create more than one .local address pointing to my mac

I currently have one .local address (Bonjour) pointing to my mac in my intranet, mbp.local, configured in system preferences with the computer name. I use this to send my boss links to demos on my local server (he sits in a chair behind me : >).
I'd like to be able to create new .local addresses to send different demos to my boss (demo1.local, demo2.local, etc) so that I can switch to different working copies to do other work while the demos are still live.
I'd know how to setup Apache to route these requests to the right places, but am unsure if it's possible to make new addresses that point to my mac (I think this has to do with multicasting?).
I have a dynamic IP in my intranet but would be able to setup a static IP if required.
Are you talking about web site demos? I'm not sure I understand the problem. If they're web sites, I'm sure you already know you can simply use a single address with different urls, eg, http://mbp.local/demo1, http://mbp.local/demo2, etc. If it is something else entirely, you can use the Mac's local host file to point multiple fqdns to a single IP address on your local network, but it would be best to have a static IP. Alternatively, you could edit your DNS or WINS server to do the address translation.
I haven't done this myself, but I wonder if you could use what's documented here to start. The difference would be that you'll send your boss links to http://demo1.mbp.local and so on.
I found more about this on this thread on SuperUser.
