Network Discovery

We have been working on a MaaS proof-of-concept deployment at our organization and we currently have it working to the point that we can deploy to physical hosts in our datacenter, but I have a question about Network Discovery.

Though we currently have active network discovery enabled, there are no hosts being discovered. Since this is just a proof-of-concept, we do not yet have separate rack controllers. We have only one machine acting as both the MaaS region controller and rack controller, and it is on a separate VLAN from the hosts it is deploying to. Our networking team has enabled the DHCP helper on the router where our hosts are, so MaaS is able to receive DHCP requests from (and serve DHCP addresses to) machines on that separate host VLAN. But does active network discovery require that the rack controller be on the same subnet as the hosts it is discovering? Or is it possible to discover hosts on other subnets?

From my understanding, network discovery happens mainly at layer 2, so your MAAS box would need to be set up on each VLAN in your datacenter. This will also simplify your DHCP setup since you won’t have to mess with DHCP relays or trying to route DHCP packets. In our setup, I made the interface on the switch that our MAAS box is connected to a trunk port so it has access to all VLANs. (This could be restricted to only the necessary VLANs if you want.) Then, I added the VLANs to the interface of my MAAS box.

This may also help with the issue you were having in your other post.

I spoke to our network engineer and here’s the feedback I received when I told him the MaaS server would need to see L2 traffic from all our vlans:

I’d initially say if we’d like to go with this approach, we could create another small service network, put the MaaS host in it, ACL it to only what it needs, then span the needed compute networks to this host - the interfaces should have very strict iptables blocking them from unneeded L2 traffic (although this may not be possible depending on what MAAS needs to see)
Everything it’s asking to do is what a rogue host would look for in breaching a network
Note I’m not sure how well a single host will deal with seeing ARP from 1000’s of hosts

@dcaunt42, can you post a screenshot of your ‘Subnets’ tab in MAAS?

@billwear Here is the ‘Subnets’ tab. VLAN 2436 is where the MAAS server lives, and the nodes that it is currently deploying to are on VLAN 2476. They have their DHCP requests relayed via a helper to the MAAS server.

and this is working, albeit not the configuration you want?

Correct - if I manually enter the hardware information for a test node on 2476 into MAAS, I am able to commission it and deploy to it. I am also able to PXE boot a node on 2476 and it will get a DHCP address from MAAS so that MAAS can learn about it that way. The only part so far that is not working yet is the discovery (either active or passive). But also, you are correct that this is not the configuration we want long-term. This is our proof-of-concept setup for us to learn about MAAS and see if it would suit our future needs.
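
An added example (not part of the original thread and not MAAS's own code) showing why the relayed DHCP path described above can work while layer-2 discovery sees nothing: per RFC 2131, a relayed request carries the client's MAC in `chaddr` and the relay's address in `giaddr`, so a server learns the MAC across a router, whereas ARP broadcasts are never forwarded off the host VLAN. The MAC addresses and the `192.0.2.1` relay address are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header fields up to and including chaddr (RFC 2131, section 2):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr
_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")


def build_request(client_mac, giaddr="0.0.0.0", hops=0):
    """Build a constructed BOOTREQUEST header (sample data, not a capture)."""
    mac = bytes.fromhex(client_mac.replace(":", ""))
    zero = bytes(4)
    return _HDR.pack(1, 1, 6, hops, 0x1234ABCD, 0, 0x8000, zero, zero, zero,
                     ipaddress.IPv4Address(giaddr).packed, mac.ljust(16, b"\0"))


def inspect_request(packet):
    """Return what a DHCP server can learn from a request's fixed header."""
    if len(packet) < _HDR.size:
        raise ValueError("truncated BOOTP header")
    fields = _HDR.unpack_from(packet)
    op, htype, hlen, hops = fields[:4]
    gi, chaddr = fields[10], fields[11]
    if op != 1 or htype != 1 or hlen != 6:
        raise ValueError("not an Ethernet BOOTREQUEST")
    giaddr = ipaddress.IPv4Address(gi)
    relayed = not giaddr.is_unspecified
    return {
        # chaddr survives the relay, so the server still sees the real client MAC.
        "client_mac": chaddr[:hlen].hex(":"),
        # A non-zero giaddr means a relay (DHCP helper) forwarded the request,
        # i.e. the client is not on a segment the server hears directly.
        "relayed": relayed,
        "relay": str(giaddr) if relayed else None,
        "hops": hops,
    }


if __name__ == "__main__":
    # Constructed samples: one client on the server's own segment, one behind a helper.
    for pkt in (build_request("52:54:00:aa:bb:01"),
                build_request("52:54:00:aa:bb:02", giaddr="192.0.2.1", hops=1)):
        print(inspect_request(pkt))
```
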

i’ll ask around. might be after the holidays, we shut down at the end of this week until Jan 3, fyi.

Hi Bill. I hope you all had an enjoyable holiday break. This is just a friendly reminder to have this question back on your radar. Thanks.

I have another stalled question here as well, if you or any of your colleagues have advice about the “Failed installing package(s) for 20-maas-01-install-lldpd” error that I’m seeing:

@billwear I just wanted to check in one more time to see if there’s any update here before this thread gets automatically closed due to inactivity like my other ticket (6507) did.

still waiting for an answer. even if they close, i can reopen them.