Virtual Router/ Firewall/ VPN

Occasional Contributor
Posts: 9
Registered: ‎02-20-2017

Change from dhcp to static address on eth0

Hello,

 

I seem to be having trouble changing eth0 from dhcp to a static address. When changed using the below commands, the Vyatta starts the process then becomes unavailable. A reboot is then required to restore the last known saved config before the commit.

delete interface ethernet eth0 dhcp

set interface ethernet eth0 address 10.168.64.4/28

commit

 

The CLI returns

 

[ interfaces ethernet eth0 address dhcp ]

Stopping DHCP client on eth0 ...

 

This has been tested on vRouter 4500 and vRouter 5600 with the same outcome. All Vyattas are running on AWS.

I have a vRouter 4500 in a HA configuration which was implemented before my time and it has a static address assigned to both instances. Can anyone explain why this might be happening?

 

My environment is hosted in AWS.

 

Thanks,

 

Scott

 

 

Brocadian
Posts: 21
Registered: ‎06-17-2015

Re: Change from dhcp to static address on eth0

When you configure DHCP on an interface, the DHCP server will not only assign an IP address to the interface, but it will also send back a gateway address, and the device will install a default route to reach that gateway. If you change to a static IP address, you need to add that default route manually or the router will become unreachable.

Have you checked that point?

Occasional Contributor
Posts: 9
Registered: ‎02-20-2017

Re: Change from dhcp to static address on eth0

Hello Ridha,

 

Thank you for responding.  The instances tested all have a default gateway specified in the config:

 

gateway-address 10.168.64.1

 

Any other suggestions?

 

Thanks,

 

Scott

Brocadian
Posts: 21
Registered: ‎06-17-2015

Re: Change from dhcp to static address on eth0

Can you please share vRouter's entire configuration BEFORE you delete the dhcp configuration?

Occasional Contributor
Posts: 9
Registered: ‎02-20-2017

Re: Change from dhcp to static address on eth0

Instance IP is 10.168.64.4

 

interfaces {

    ethernet eth0 {

        address dhcp

        description "HA EIP 1.1.1.1"

        duplex auto

        hw-id 00:00:00:00:00:00

        smp_affinity auto

        speed auto

    }

    loopback lo {

    }

    tunnel tun0 {

        address 169.254.1.254/30

        description "GRE tunnel"

        encapsulation gre

        local-ip 10.168.64.4

        mtu 1400

        multicast enable

        parameters {

            ip {

                tos inherit

            }

        }

        remote-ip 5.5.5.5

    }

}

nat {

    destination {

        rule 5 {

            description "AWS inbound 10.168.60.75 -> 10.168.65.109 over GRE interface for UAT"

            destination {

                address 10.168.60.75

            }

            inbound-interface tun0

            translation {

                address 10.168.65.109

            }

        }

        rule 15 {

            description "AWS inbound 10.168.50.75 -> 10.168.64.133 over GRE interface for PROD"

            destination {

                address 10.168.50.75

            }

            inbound-interface any

            translation {

                address 10.168.64.133

            }

        }

    }

    source {

        rule 5 {

            description "For 4.4.4.4 Outbound UAT-ec2-Instance1"

            destination {

                address 3.3.3.3/32

            }

            outbound-interface eth0

            source {

                address 10.168.65.200/32

            }

            translation {

                address 6.6.6.6

            }

        }

        rule 6 {

            description "For 4.4.4.4 Outbound UAT-ec2-Instance2"

            destination {

                address 3.3.3.3/32

            }

            outbound-interface eth0

            source {

                address 10.168.65.202/32

            }

            translation {

                address 6.6.6.6

            }

        }

        rule 100 {

            outbound-interface eth0

            source {

                address 10.168.64.0/23

            }

            translation {

                address masquerade

            }

        }

    }

}

policy {

    route-map outBackup {

        rule 5 {

            action permit

            set {

                community 65100:90

            }

        }

    }

    route-map outPrimary {

        rule 5 {

            action permit

            set {

                community 65100:100

            }

        }

    }

}

protocols {

    bgp 65000 {

        neighbor 169.254.1.253 {

            default-originate {

                route-map outPrimary

            }

            ebgp-multihop 5

            remote-as 65103

            route-map {

                export outPrimary

            }

        }

        network 10.168.65.64/26 {

        }

        parameters {

            no-network-synchronization

            router-id 10.0.0.12

        }

        redistribute {

            connected {

            }

            static {

            }

        }

        timers {

            holdtime 15

            keepalive 5

        }

    }

    static {

        route 0.0.0.0/0 {

            next-hop 10.168.64.1 {

            }

        }

    }

}

service {

    https {

        http-redirect enable

        listen-address 10.168.64.4

    }

    snmp {

        community smart421 {

            authorization ro

            client 10.168.64.7

        }

    }

    ssh {

        disable-password-authentication

        port 22

    }

}

system {

    config-management {

        commit-revisions 20

    }

    console {

        device hvc0 {

            speed 9600

        }

    }

    gateway-address 10.168.64.1

    host-name UAT-Vyatta

    login {

        user vyatta {

            authentication {

                encrypted-password "*"

                public-keys m2m-key {

                    key somwlongencryptedkeys

                    type ssh-rsa

                }

            }

            level admin

        }

    }

    ntp {

        server 0.vyatta.pool.ntp.org {

        }

        server 1.vyatta.pool.ntp.org {

        }

        server 2.vyatta.pool.ntp.org {

        }

    }

    syslog {

        global {

            archive {

                files 7

                size 102400

            }

            facility all {

                level notice

            }

            facility protocols {

                level notice

            }

        }

        user all {

            facility all {

                level emerg

            }

        }

    }

    time-zone Europe/London

}

vpn {

    ipsec {

        auto-update 30

        esp-group espExt {

            compression disable

            lifetime 28800

            mode tunnel

            pfs disable

            proposal 1 {

                encryption 3des

                hash md5

            }

        }

        esp-group espExt2 {

            compression disable

            lifetime 86400

            mode transport

            pfs enable

            proposal 1 {

                encryption aes256

                hash sha1

            }

        }

        esp-group espS421 {

            compression disable

            lifetime 28800

            mode tunnel

            pfs enable

            proposal 1 {

                encryption aes256

                hash sha1

            }

        }

        ike-group ikeExt {

            dead-peer-detection {

                action restart

                interval 15

                timeout 30

            }

            lifetime 86400

            proposal 1 {

                dh-group 2

                encryption 3des

                hash md5

            }

        }

        ike-group ikeExt2 {

            dead-peer-detection {

                action restart

                interval 15

                timeout 30

            }

            lifetime 86400

            proposal 1 {

                dh-group 2

                encryption aes256

                hash sha1

            }

        }

        ike-group ikeExtS421 {

            dead-peer-detection {

                action restart

                interval 15

                timeout 30

            }

            lifetime 86400

            proposal 1 {

                dh-group 2

                encryption aes128

                hash sha1

            }

        }

        ipsec-interfaces {

            interface eth0

        }

        nat-networks {

            allowed-network 0.0.0.0/0 {

            }

        }

        nat-traversal enable

        site-to-site {

            peer 5.5.5.5 {

                authentication {

                    id @id

                    mode pre-shared-secret

                    pre-shared-secret SharedKey

                    remote-id @RemoteId

                }

                connection-type initiate

                default-esp-group espExt2

                description "GRE UAT"

                ike-group ikeExt2

                local-address 10.168.64.4

                tunnel 1 {

                    allow-nat-networks disable

                    allow-public-networks disable

                    esp-group espExt2

                    protocol gre

                }

            }

            peer 4.4.4.4 {

                authentication {

                    id 1.1.1.1

                    mode pre-shared-secret

                    pre-shared-secret SharedKey

                }

                connection-type initiate

                default-esp-group espExt

                description Customer

                ike-group ikeExt

                local-address 10.168.64.4

                tunnel 3 {

                    allow-nat-networks disable

                    allow-public-networks disable

                    local {

                        prefix 2.2.2.2/32

                    }

                    remote {

                        prefix 3.3.3.3/32

                    }

                }

            }

        }

    }

}
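
An added example, not part of any post in this thread: a Python check of the point raised earlier (a static default route with an on-link next hop must remain once the DHCP lease is released), run against a constructed excerpt in the syntax of the configuration above. It goes slightly beyond the thread by also flagging stanzas that hard-code the router's own address; `flatten`, `check_static_change` and `PINNED` are hypothetical names.

```python
import ipaddress
# Constructed excerpt in the syntax of the configuration posted above.
SAMPLE = """
interfaces {
    ethernet eth0 {
        address dhcp
    }
    tunnel tun0 {
        local-ip 10.168.64.4
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.168.64.1 {
            }
        }
    }
}
"""

PINNED = ("local-ip", "local-address", "listen-address")  # keys that hard-code the router's own IP

def flatten(text):
    """Turn the brace-style config into path tuples, one per block header and per leaf line."""
    stack, paths = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            paths.append(tuple(stack))
        elif line == "}":
            stack.pop()
        elif line:
            paths.append(tuple(stack) + (line,))
    return paths

def check_static_change(text, new_cidr):
    """List what would cut off management access once eth0 takes new_cidr instead of DHCP."""
    new, problems, gateways = ipaddress.ip_interface(new_cidr), [], set()
    for path in flatten(text):
        key, _, value = path[-1].partition(" ")
        if key == "gateway-address" or (key == "next-hop" and "route 0.0.0.0/0" in path):
            gateways.add(value)
        elif key in PINNED and value != str(new.ip):
            problems.append(f"{' '.join(path[:-1])}: {key} {value} is not {new.ip}")
    if not gateways:
        problems.append("no static default route: the DHCP-learned one goes away with the lease")
    problems += [f"default gateway {gw} is not on-link in {new.network}"
                 for gw in sorted(gateways) if ipaddress.ip_address(gw) not in new.network]
    return problems
```

`check_static_change(SAMPLE, "10.168.64.4/28")` returns an empty list; a different address or prefix that puts 10.168.64.1 off-link is reported before anything is committed.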

Brocadian
Posts: 21
Registered: ‎06-17-2015

Re: Change from dhcp to static address on eth0

Thanks Scott for sharing your config.

At this point, there's no obvious reason why this problem is happening, so I need to ask you more questions:

- Can you please share the output of "show interfaces" and "show ip route" while using DHCP and after you configure the static address (from the console)?

- How are you trying to reach vRouter? Is it over SSH or HTTPS?

- Are you reaching vRouter over IPsec tunnels or BGP?

- Do you know from which address you're reaching vRouter?

- Since you have console access to vRouter, can you please try to make the changes, commit, save, and reboot?

Occasional Contributor
Posts: 9
Registered: ‎02-20-2017

Re: Change from dhcp to static address on eth0

Thank you for responding Ridha.

 

To answer your questions:

 

- Can you please share the output of "show interfaces" and "show ip route" while using DHCP and after you configure the static address (from the console)?

I can show pre config but not after, as the instance is unresponsive after committing the static IP change.

Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 10.168.64.4/28 u/u HA EIP 1.1.1.1
lo 127.0.0.1/8 u/u
::1/128
tun0 169.254.1.254/30 u/u GRE tunnel to other end
169.254.1.253/30 Primary

 

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

Gateway of last resort is 10.168.64.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.168.64.1, eth0
B 10.126.0.41/32 [20/0] via 169.254.1.253, tun0, 07:32:38
B 10.126.0.42/32 [20/0] via 169.254.1.253, tun0, 07:32:38
B 10.126.0.43/32 [20/0] via 169.254.1.253, tun0, 07:32:38
B 10.126.0.44/32 [20/0] via 169.254.1.253, tun0, 07:32:38
B 10.126.0.45/32 [20/0] via 169.254.1.253, tun0, 07:32:38
C 10.168.64.0/28 is directly connected, eth0
C 127.0.0.0/8 is directly connected, lo
C 169.254.1.252/30 is directly connected, tun0
K 6.6.6.6 is directly connected, eth0

 

- How are you trying to reach vRouter? Is it over SSH or HTTPS?

SSH

 

- Are you reaching vRouter over IPsec tunnels or BGP?

IPsec

 

- Do you know from which address you're reaching vRouter?

You mean my source public IP address? I'd rather not disclose that info on a public forum :)

 

- Since you have console access to vRouter, can you please try to make the changes, commit, save, and reboot?

I can make the change and commit but the instance is unresponsive as detailed above. I can try to commit and save; I suspect this will result in a volume restore of the instance (this has been required when trying to make this change previously).

 

Thanks,

 

Scott

 

Brocadian
Posts: 21
Registered: ‎06-17-2015

Re: Change from dhcp to static address on eth0

I tried deleting a DHCP config and replacing it with a static IP address multiple times on 5400 and 5600 and I did not have any issues, as I expected.

I am suspecting your issue is related to the fact that you're reaching vRouter over IPsec. It could be that the tunnel is bounced and it needs to come up again after some time, that's why I suggested trying commit save and reboot.

The other possibility could be that the problem is specific to the AWS environment (because you experienced it both on 5400 and 5600), but since vRouter's AMI is not available there anymore, I cannot try it. If this is the case, I'd suggest you contact Brocade support so they can troubleshoot this issue with you live.
