IP Address Conflict in AFW Address and System Access
Problem You cannot access the Cisco DCNM Web UI when the user system is configured in the same IP subnet as that of the internal subnet used by application framework in the Cisco DCNM.
Possible Cause Application framework IP address subnet that is configured on DCNM is conflicting with the IP address that is configured on a system that is accessed by the Cisco DCNM user.
Solution
If the DCNM internal address space is conflicting with the address space that is used in the network where a user access DCNM, use the application framework configuration to modify the subnet used in DCNM.
From Cisco DCNM Release 11.0, DCNM Infrastructure uses specific subnets, by default, for its internal purpose. The IP address subnets are as follows:
-
10.1.0.0/16: Used by service containers to communicate between each other.
-
172.17.0.0/16: Used by containers to communicate with native services.
-
172.18.0.0/16: Used by containers to communicate with any other native services.
The above subnets are not used to communicate with any devices outside of the DCNM. But, they can conflict with some services if they are used by external devices. For example, your PC used to access DCNM on the browser may use one of the same subnets or failure to enable EPL if the fabric routing loopback is using the same subnet pool to pick loopback IPs.
While installing Cisco DCNM Release 11.2(1), you can configure all the above subnets from a single larger subnet. When upgrading from Release 11.0(1) or 11.1(1) to Release 11.2(1), you must reconfigure these subnets, as required.
Modify the subnets by using the following commands:
-
appmgr afw setup-net <ipv4-subnet>
IPv4 subnet must have minimum length of /24 and maximum length of /20.
Note
This command is not supported on DCNM installations that have computes connected.
This command reconfigures inter-subnet address that is used by service containers to communicate between each other. Execute this command on the Active node first, and then on the Standby node.
-
appmgr afw setup-bridge <ipv4-subnet>
IPv4 subnet must have minimum length of /24 and maximum length of /20.
This command reconfigures the subnets that are used by service containers to communicate with any other native services in the DCNM. Execute this command on all the DCNM nodes, including the Compute install nodes.
To confirm the change to subnets used for communication to docker native services, use the following sample commands outputs.
root@dcnm# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:3aff:fea1:dd09 prefixlen 64 scopeid 0x20<link>
ether 02:42:3a:a1:dd:09 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 656 (656.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@dcnm# ifconfig docker_gwbridge
docker_gwbridge: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:b0ff:fe9a:5adc prefixlen 64 scopeid 0x20<link>
ether 02:42:b0:9a:5a:dc txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0