#ONTAP Tools for VMware vSphere (OTV 10.5) - Unable to add storage backend

Hi everyone,

I installed a new version of OTV in my environment. I successfuly added my vCenter instance and registered VASA Provider into my vCenter but when I try to add a storage backend, I got a 504 Gateway Time-out error.
My network team says there is not blocked ports between OTV and my ONTAP cluster.

Do you have any advice how I can troubleshoot that (log file path to find a more precise error message, ...)?

OTV version: 10.5
ONTAP Cluster #1 version: 9.14.1P5
ONTAP Cluster #2 version: 9.15.1P4
vCenter version: 8.0.3

Thanks in advance for your help 😇

What ip address are you using?

Generally you will use the cluster management address.
You can use the svm address but you would need a lif capable of communication meaning it would need a service policy that allows it through

Yes, I'm using the cluster management IP address (for convenience).

Is there a service policy preventing access? From another host on the same vlan as the Otv host, are you able to ping the Netapp cluster? Is it possible there is a firewall or even an ACL on a switch preventing access?

Isn't there actually two ways to add the storage backend? either from the OTV Management web GUI, or via the vCenter Plugin.. We have this setup on a few SMas setups where we need to add the storage via the vCenter Plugin...

good point.

I have had nothing but bad luck adding storage backends via the OTV web interface (supposedly making it accessible to all vCenters also).

I typically register the vcenter, then go to THAT vcenter and use the Plugin to add storage

I cannot attest to 10.5 in the field yet, but when I tried early versions it just did.not.work.

I tried both, via OTV Management web GUI and via vCenter Plugin and unfortunately I have the same error.

Not to worry anyone, but I got a customer who started on 10.2, which failed to upgrade to 10.4, we then had to rollback to 10.2, then re-resiger the plugin manually because it was now too new... just to try the update again to 10.3, which also failed... (active support case now open for over a month)... the main cause why we don't just re-install is that it was setup on 10.2 with SMas... and apparently it will not be re-discovered if you just re-install 10.4 or 5... so we need to go via this painful way... or as support suggested, we could just break the SMAs setup and start over... (with data already in production we kindly declined this)... so my experiance with OTV 10.x has not been the best... 🙂

Sounds like there is a networking issue... I guess you are using the ONTAP Cluster IP and an administrator account? And does all DNS work (forward/reverse) to both OTV and ONTAP Clusters?

Might be worth looking at the ONTAP Cluster certificated, I think it creates one there, maybe it's "broken" somehow? (look under Client/Server Certificates).. and as always when working with certificates, check the time/date on ONTAP, OTV, vCenter is in sync...

...about the logfile, you can generate a log-bundle via the OTV Management GUI and in the vCenter Plugin under support... it basically gathers logs then zip's it up so you can download it, or typically send it of to support... but you can unpack it yourself and have a look ...

...you can also just enable remote access to the OTV VM... via the VM Console... login with "maint" and enable the diag user with a new password... then you are able to ssh into the OTV via "diag@otv...." but of cause you would need to know what to look for here... it's all a bunch of containers running... so very much good luck 😉

If time/date, DNS, and general network is OK, and it still doesn't work, I would consider a support case... they will most likely request the logbundle... and they know what to look for

just did a quick search and fund this: https://kb.netapp.com/data-mgmt/OTV/VSC_Kbs/ONTAP_Tools__504_Gateway_Timeout_error_when_adding_storage_backend_to_OTV_10

Basically points towards firewall ports not open...

https://docs.netapp.com/us-en/ontap-tools-vmware-vsphere-10/deploy/prerequisites.html#port-requirements

Here you will find a list of ports required to be open between the different elements

Yes, I found it but my network team is still saying there is no blocked port between my equipements.

I'm checking DNS and NTP on both (OTV and ONTAP) and everything seems to be OK.

I'm going to downloads log bundle ans deep dive into it as you sugested.
In the same time, I opened a support case to have some help.
I'll keep you informed 😊

Thanks a lot for all the tips

mmmh... Bad news... It seems an IP range use by Kubernetes inside the appliance is 10.42.0.0/16 for the cluster which overlaps the network where my ONTAP Clusters resides (10.42.31.0/24 and 10.42.32.0/24) 😩

Technical Support Team answered me few minutes ago. We will see...

Damn... Is that documented anywhere?

Actually I think if you look at the vm in vcenter it will list the IPs, including one in that range

Pretty sure no way to easily change. Might be a way but only during install if even possible

ah yes, 10.42 is the default k8s backend network range.... we got lucky and started our networks at 10.60.x.x or something back in the day.

Changing this will be a challenge

I just looked at a new install.
the IPs it used
192.168.100.41
192.168.100.42
192.168.100.43
10.42.0.0

Isn't OTV 10 based on k8s internally? Then it would make sense that it uses those 10.42 IPs