10-06-2020 04:41 PM
I have installed ExtremeCloud IQ virtual appliance (version 20.1.5.2-NGVA) in a private VMware cluster where the IQ VM does not have a public IP, but AP’s access it via haproxy-VM that has got public IP and mediates traffic to the internal IP of IQ VM. haproxy is configured to mediate ports TCP-80 and TCP-443.
I have configured AP (model AP305C) to use HTTP for connection to IQ and configured haproxy public IP as the target server via AP’s web GUI.
The initial connection works fine via TCP-80 and the AP appears in IQ. However when I try to apply policy for the AP, I see “Device update failed” error which indicates that HTTPS connection to IQs private IP via TCP-443 fails. I see the same also when tcpdumping on the router that provides internet connection for the AP, there are TCP-443 SYN packets that AP sends towards IQs private IP.
Apparently when IQ sends configuration update command to the AP, IQ puts its own IP-address inside the command and that is IQ VMs private IP-address that cannot be accessed by the APs in the internet. Instead the APs should open TCP-443 connection to the same public haproxy-IP that it used also for TCP-80 connection.
My question is the following: Is there some configuration parameter in ExtremeCloud IQ where I could tell what it should consider as its own public IP?
I think this requirement for public IP configuration isn’t anything too unique, as the same issue would be faced as well if the IQ node would be behind a floating-IP of cloud platform. Logically that would be the same as in my case when using haproxy in between the AP and IQ.
Solved! Go to Solution.
10-08-2020 03:07 PM
The interface does not need to be public, it just needs to be either on the same subnet as your APs, or to have a route set up between your APs and your manager instance on your backend network.
10-07-2020 06:09 PM
There isn’t a place to set the public IP for the XIQVA instance unfortunately, I believe you’d want to manage this via your network DHCP/firewall.