Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Contrail] Incorrect AAP format causes inconsistency between contrail DB and neutron port-list show

0

0

Article ID: KB35534 KB Last Updated: 25 Mar 2020Version: 1.0
Summary:

When Allowed Address Pairs (AAP) is configured on a Virtual Machine Interface (VMI), if the IP address format is incorrect, it may cause inconsistencies between the Contrail database and the neutron port-list show command. In this case, the VMI port will not be accepted by neutron. This is especially true when automation tools such as heat template or via contrail config editor is used.

Symptoms:

A VMI with UUID '1c6a93ae-c298-4a0d-90d1-145a0b2fa6b0' is displayed in the Contrail web portal but it not shown in the neutron port-list command as follows:

root@cont101:~# curl -u admin:Juniper http://localhost:8095/virtual-machine-interface/1c6a93ae-c298-4a0d-90d1-145a0b2fa6b0 | python -mjson.tool
{
    "virtual-machine-interface": {
        "display_name": "1c6a93ae-c298-4a0d-90d1-145a0b2fa6b0",
        "ecmp_hashing_include_fields": {},
        "fq_name": [
            "default-domain",
            "admin",
            "1c6a93ae-c298-4a0d-90d1-145a0b2fa6b0"
        ],
        "href": "http://localhost:8095/virtual-machine-interface/1c6a93ae-c298-4a0d-90d1-145a0b2fa6b0",
        "uuid": "1c6a93ae-c298-4a0d-90d1-145a0b2fa6b0",
        "virtual_machine_interface_allowed_address_pairs": {
            "allowed_address_pair": [
                {
                    "address_mode": "active-active",
                    "ip": {
                        "ip_prefix":"2716:ae00:2e20:1500::18,2716:ae00:2e20:1500::19,2716:ae00:2e20:1500::20,2716:ae00:2e20:1500::21,2716:ae00:2e20:1500::22,2716:ae00:2e20:1500::23,2716:ae00:2e20:1500::24,2716:ae00:2e20:1500::25,2716:ae00:2e20:1500::26",
                        "ip_prefix_len": 128
                    }
                }
            ]
        },


When checking VMI via neutron show command, it returns an error:

root@cont101:~# neutron port-show 1c6a93ae-c298-4a0d-90d1-145a0b2fa6b0
Unable to find port with name '1c6a93ae-c298-4a0d-90d1-145a0b2fa6b0'
Cause:

This is because the AAP field, i.e., ip_prefix, has a strict format requirement such that it cannot be null or "" or with all IP addresses written in one line as below:

"ip_prefix":"2716:ae00:2e20:1500::18,2716:ae00:2e20:1500::19,2716:ae00:2e20:1500::20,2716:ae00:2e20:1500::21,2716:ae00:2e20:1500::22,2716:ae00:2e20:1500::23,2716:ae00:2e20:1500::24,2716:ae00:2e20:1500::25,2716:ae00:2e20:1500::26",
Solution:

When checking the config in json format, we discovered the AAP session is messed up by the heat template. The following format is incorrect because each ip_prefix should be within a separate {} section.


"address_mode": "active-active", 
"ip": { 
"ip_prefix": "2716:ae00:2e20:1500::18,2716:ae00:2e20:1500::19,2716:ae00:2e20:1500::20,2716:ae00:2e20:150 ::21,2716:ae00:2e20:1500::22,2716:ae00:2e20:1500::23,2716:ae00:2e20:1500::24,2716:ae00:2e20:1500::25,2716:ae00:2e20:1500::26", 
"ip_prefix_len": 128 
}, 
"mac": null 

Correct case: 

ip: { 
ip_prefix: 2716:ae00:2e20:1500::18, 
ip_prefix_len: 128 
} , 
address_mode: active-active 


ip: { 
ip_prefix: 2716:ae00:2e20:1500::19, 
ip_prefix_len: 128 
} , 
address_mode: active-active 


ip: { 
ip_prefix: 2716:ae00:2e20:1500::20, 
ip_prefix_len: 128 
} , 
address_mode: active-active 

ip: { 
ip_prefix: 2716:ae00:2e20:1500::21, 
ip_prefix_len: 128 
} , 
address_mode: active-active 

ip: { 
ip_prefix: 2716:ae00:2e20:1500::22, 
ip_prefix_len: 128 
} , 
address_mode: active-active 

ip: { 
ip_prefix: 2716:ae00:2e20:1500::23, 
ip_prefix_len: 128 
} , 
address_mode: active-active 

ip: { 
ip_prefix: 2716:ae00:2e20:1500::24, 
ip_prefix_len: 128 
}, 
address_mode: active-active 

ip: { 
ip_prefix: 2716:ae00:2e20:1500::25, 
ip_prefix_len: 128 
} , 
address_mode: active-active 

ip: { 
ip_prefix: 2716:ae00:2e20:1500::26, 
ip_prefix_len: 128 
}, 
address_mode: active-active 

Simply re-configure the AAP using the correct format will resolve this failure. Juniper has made a partial enhancement to avoid configuration error from users. However, it cannot prevent all possible incorrect formats such as the one described above. Be sure to verify the AAP format when encountering such failures.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search