This repository has been archived by the owner on Jan 8, 2021. It is now read-only.
Hello!
I'm struggling with getting the correct VRF and Tenant assigned, some back info:
We have the following environment:
- 1 vCenter
- Everyone (almost, apart from some old legacy) has their own virtual firewall, so everyone is isolated in their own little island.
- Multiple firewalls have the same internal networks/subnet

What we tried:
Setting up VRFs based on everyone that has their own firewall, mapping the associated subnet to that VRF and also setting the tenant on everything (VRF, subnet and individual IPs). This works well when subnets are not the same (even though they are in different VRFs); when the subnets are the same, the Tenant and VRF get tossed around. Example:
We have the subnet 192.168.128.0/24 that is used behind 4 different firewalls by four different tenants, so we have this subnet in four different VRFs and each is tagged with the tenant it belongs to. When running the sync, the tenants and VRFs get messed up. This is what it should look like:
What happens when the sync is run:
Log from example object with IP 192.168.128.13/24:
```
Validating IP '192.168.128.13/24' is properly formatted and within allowed networks.
2020-05-27 15:18:47,174 [DEBUG] Checking whether IP address '192.168.128.13/24' is within ['192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8', 'Removed/22'].
2020-05-27 15:18:47,174 [DEBUG] IP '192.168.128.13/24' validation returned a True status.
2020-05-27 15:18:47,174 [DEBUG] IP 192.168.128.13/24 has passed necessary pre-checks.
2020-05-27 15:18:47,175 [DEBUG] Converted '192.168.128.13/24' to CIDR notation '192.168.128.13/24'.
2020-05-27 15:18:47,175 [DEBUG] Sending GET to 'https://removed/api/ipam/prefixes/?contains=192.168.128.13/24' with data 'None'.
2020-05-27 15:18:47,305 [DEBUG] Received HTTP Status 200.
2020-05-27 15:18:47,305 [DEBUG] NetBox GET request OK; returned 200 status.
2020-05-27 15:18:47,306 [DEBUG] IP address 192.168.128.13/24 is a child of prefix 192.168.128.0/24 with the following attributes: {'tenant': {'name': 'Huzells'}, 'vrf': {'name': 'fw0076-dc01-huzells'}}
2020-05-27 15:18:47,306 [DEBUG] Sending GET to 'https://removed/api/ipam/ip-addresses/?address=192.168.128.13/24' with data 'None'.
2020-05-27 15:18:47,433 [DEBUG] Received HTTP Status 200.
2020-05-27 15:18:47,433 [DEBUG] NetBox GET request OK; returned 200 status.
2020-05-27 15:18:47,433 [DEBUG] NetBox ip_addresses object '192.168.128.13/24' already exists. Comparing values.
2020-05-27 15:18:47,433 [DEBUG] vc_data[address] and nb_data[address] values match.
2020-05-27 15:18:47,434 [DEBUG] vc_data[status] and nb_data[status] values match.
2020-05-27 15:18:47,434 [DEBUG] vc_data[tags] and nb_data[tags] key 'tags' contains list.
Validating dict1 items exist in dict2.
2020-05-27 15:18:47,434 [DEBUG] vc_data[tags] and nb_data[tags] values match.
2020-05-27 15:18:47,434 [DEBUG] vc_data[interface] and nb_data[interface] contain dictionary. Evaluating.
2020-05-27 15:18:47,434 [DEBUG] vc_data[interface][name] and nb_data[interface][name] values match.
2020-05-27 15:18:47,434 [DEBUG] vc_data[interface][virtual_machine] and nb_data[interface][virtual_machine] contain dictionary. Evaluating.
2020-05-27 15:18:47,434 [DEBUG] vc_data[virtual_machine][name] and nb_data[virtual_machine][name] values match.
2020-05-27 15:18:47,434 [DEBUG] Final dictionary compare result: True
2020-05-27 15:18:47,434 [DEBUG] vc_data[interface][virtual_machine] and nb_data[interface][virtual_machine] values match.
2020-05-27 15:18:47,435 [DEBUG] Final dictionary compare result: True
2020-05-27 15:18:47,435 [DEBUG] vc_data[interface] and nb_data[interface] values match.
2020-05-27 15:18:47,435 [DEBUG] vc_data[vrf] and nb_data[vrf] contain dictionary. Evaluating.
2020-05-27 15:18:47,435 [DEBUG] Mismatch: vc_data[vrf][name] value is 'fw0076-dc01-huzells' while nb_data[vrf][name] value is 'Legacy'.
2020-05-27 15:18:47,435 [DEBUG] vc_data[vrf][name] and nb_data[vrf][name] values do not match.
2020-05-27 15:18:47,435 [DEBUG] vc_data[vrf] and nb_data[vrf] values do not match.
2020-05-27 15:18:47,435 [INFO] NetBox ip_addresses object '192.168.128.13/24' do not match current values.
2020-05-27 15:18:47,435 [DEBUG] Merging tags between vCenter and NetBox object.
2020-05-27 15:18:47,435 [DEBUG] Sending PATCH to 'https://removed/api/ipam/ip-addresses/706/' with data '{'address': '192.168.128.13/24', 'status': 'active', 'tags': ['vcsa01', 'vCenter', 'Synced'], 'interface': {'name': 'vNIC0', 'virtual_machine': {'name': 'MOSWSS01'}}, 'vrf': {'name': 'fw0076-dc01-huzells'}, 'tenant': {'name': 'Huzells'}}'.
2020-05-27 15:18:47,635 [DEBUG] Received HTTP Status 200.
2020-05-27 15:18:47,636 [DEBUG] NetBox PATCH request OK; returned 200 status.
```
192.168.128.13 only exists in one VRF, but the prefix itself, 192.168.128.0/24, exists in different VRFs. Why does it change the VRF and tenant to, in this case, Huzells?
`Mismatch: vc_data[vrf][name] value is 'fw0076-dc01-huzells' while nb_data[vrf][name] value is 'Legacy'.`
How does the `vc_data[vrf]` get populated?
Any advice or if this is even possible to get working in our setup would be much appreciated
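
An added illustration, not part of the original issue and not the sync tool's own code: in the log, the VRF and tenant sent in the PATCH are the attributes of the prefix reported after the `?contains=` lookup, and that lookup is ambiguous when the same CIDR exists in several VRFs. The Python below shows a resolver that keeps the IP's current VRF when that VRF has a containing prefix and refuses to reassign when several VRFs match. The function names, the record shape and every VRF/tenant name other than `fw0076-dc01-huzells`, `Huzells` and `Legacy` are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the same CIDR registered in several VRFs, shaped like the
# prefix attributes in the log above. Only 'fw0076-dc01-huzells', 'Huzells' and
# 'Legacy' come from the page; the remaining names are made up.
PREFIXES = [
    {"prefix": "192.168.128.0/24", "vrf": "fw0076-dc01-huzells", "tenant": "Huzells"},
    {"prefix": "192.168.128.0/24", "vrf": "Legacy", "tenant": "LegacyTenant"},
    {"prefix": "192.168.128.0/24", "vrf": "vrf-example-c", "tenant": "TenantC"},
    {"prefix": "192.168.0.0/16", "vrf": "Legacy", "tenant": "LegacyTenant"},
]


def parent_candidates(ip_cidr, prefixes):
    """Return the most specific containing prefix for each VRF."""
    addr = ipaddress.ip_interface(ip_cidr).ip
    best = {}
    for p in prefixes:
        net = ipaddress.ip_network(p["prefix"])
        if addr not in net:
            continue
        cur = best.get(p["vrf"])
        if cur is None or net.prefixlen > ipaddress.ip_network(cur["prefix"]).prefixlen:
            best[p["vrf"]] = p
    return list(best.values())


def resolve_vrf(ip_cidr, prefixes, existing_vrf=None):
    """Decide which VRF/tenant an IP should carry.

    Returns (decision, record):
      'keep'      - the IP's current VRF already has a containing prefix
      'assign'    - exactly one VRF contains the IP, so the choice is safe
      'ambiguous' - several VRFs contain the IP; do not overwrite
      'unmatched' - no known prefix contains the IP
    """
    candidates = parent_candidates(ip_cidr, prefixes)
    if not candidates:
        return "unmatched", None
    for p in candidates:
        if existing_vrf is not None and p["vrf"] == existing_vrf:
            return "keep", p
    if len(candidates) == 1:
        return "assign", candidates[0]
    return "ambiguous", None
```

With the address from the log and `existing_vrf="Legacy"`, the resolver returns `keep`, so the existing assignment would not be overwritten by another tenant's identical prefix.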