Closed adisos closed 5 months ago
Some suggestions:
Connectivity explanation between x and y
-> Explaining connectivity from x to y
No connection between x and y
-> No connectivity from x to y
connection blocked since transit gateway denies route between src and dst
-> All connections will be blocked since transit gateway denies route from source to destination
More suggestions (errors):
illegal src: in combined-vpc-local-tg-ky there is more than one resource (crn:551, crn:488) with the given input string vsi1-ky. can not determine which resource to analyze. consider using unique names or use input UID instead.
-> illegal src: vsi1-ky matches more than one resource (crn:551, crn:488). Use VPC-name prefixes or CRNs.
error parsing arguments: wrong connection description protocol 'DEP'; must be one of: 'TCP, UDP, ICMP'.
-> error parsing arguments: protocol must be one of: 'TCP', 'UDP', 'ICMP'
error parsing arguments: src-min-port, src-max-port, dst-min-port and dst-max-port must be in ranges [1, 65535].
-> error parsing arguments: port number must be between 1 and 65535, inclusive.
Thanks @nevo I'll insert all your suggestions. I'm listing here the identified errors, for coverage sake - see if you want to look into any of these (assuming you did not yet)
// 1. Both src and dst are external address
// 2. Src/dst is a Cidr that contains both internal and external address
// 3. Src/dst represents two different vsis in a certain config. This can be due to multiVpc context
// 4. Src/dst is an internal address within subnets of the VPC but not connected to a vsi
// 5. Src/dst does not present a legal IP address, a legal CIDR or a vsi name (vsi of the vpc)
// 6. Src/dst is an internal address not within subnets of the VPC
Thanks @nevo I'll insert all your suggestions. I'm listing here the identified errors, for coverage sake - see if you want to look into any of these (assuming you did not yet)
// 1. Both src and dst are external address // 2. Src/dst is a Cidr that contains both internal and external address // 3. Src/dst represents two different vsis in a certain config. This can be due to multiVpc context // 4. Src/dst is an internal address within subnets of the VPC but not connected to a vsi // 5. Src/dst does not present a legal IP address, a legal CIDR or a vsi name (vsi of the vpc) // 6. Src/dst is an internal address not within subnets of the VPC
My version:
Both src and dst are external IP addresses
Src/dst is a CIDR that contains both internal and external IP addresses
Src/dst matches more than one VSI. Use VPC-name prefixes or CRNs
(why is this different from the "more than one resource" error?)Src/dst is an IP address within one of the given subnets, but is not connected to a VSI
Src/dst is not a legal IP address, CIDR, or VSI name
Src/dst is a VPC IP address, but not within any subnet
Some suggestions:
* Header: `Connectivity explanation between x and y` -> `Explaining connectivity from x to y` * `No connection between x and y` -> `No connectivity from x to y` * `connection blocked since transit gateway denies route between src and dst` -> `All connections will be blocked since transit gateway denies route from source to destination`
Similarly:
connection blocked since source and destination in different VPCs with no transit gateway in-between
-> All connections will be blocked since source and destination in different VPCs with no transit gateway in-between
Output part solved by https://github.com/np-guard/vpc-network-config-analyzer/pull/538
3. `Src/dst matches more than one VSI. Use VPC-name prefixes or CRNs` (why is this different from the "more than one resource" error?)
Its not different - its the same. We also support IKS node and VPE's (look at the testing with vpe or iks in their names). Would it be correct to use the term VSI?
4. `Src/dst is an IP address within one of the given subnets, but is not connected to a VSI`
The error message in this case is no network interfaces are connected to 10.240.10.5 in any of the VPCs
5. Src/dst is not a legal IP address, CIDR, or VSI name
done, but should we also mention here VPEs and IKNodes?
6. `Src/dst is a VPC IP address, but not within any subnet`
The error message in this case is:
illegal src: internal address 10.20.10.0/24 not within the vpc test-vpc1 subnets' address range 10.240.10.0-10.240.10.255, 10.240.20.0-10.240.20.255, 10.240.30.0-10.240.30.255
error messages comments solved by https://github.com/np-guard/vpc-network-config-analyzer/pull/540
output examples to review at: https://github.com/np-guard/vpc-network-config-analyzer/tree/main/pkg/ibmvpc/examples/out/explain_out
consider also running from cli with desired input args