# IP Address Conflicts - Verified & Recommendations **Date:** 2026-01-20 **Status:** ⚠️ **CRITICAL** - 3 IP Conflicts Identified **Verification:** All conflicts verified from running containers --- ## Executive Summary **IP Conflicts Found:** 3 verified conflicts **Impact:** Network routing issues possible **Priority:** ⚠️ **CRITICAL** - Immediate action required --- ## Verified IP Conflicts ### Conflict 1: 192.168.11.50 ⚠️ **CRITICAL** **Containers with same IP:** - ✅ VMID 7800: sankofa-api-1 (192.168.11.50:4000) - **Running** - ✅ VMID 10070: order-legal (192.168.11.50) - **Running** **Host:** r630-01 (192.168.11.11) **Impact:** - Both containers claim same IP address - Network routing conflicts will occur - Only one service can properly route traffic **Verification:** ```bash # VMID 7800 (sankofa-api-1) hostname: sankofa-api-1 net0: name=eth0,bridge=vmbr0,gw=192.168.11.11,hwaddr=BC:24:11:3F:B6:CD,ip=192.168.11.50/24,type=veth status: running # VMID 10070 (order-legal) IP: 192.168.11.50 status: running ``` **Recommendation:** ⚠️ **URGENT** - Reassign order-legal to different IP --- ### Conflict 2: 192.168.11.51 ⚠️ **CRITICAL** **Containers with same IP:** - ✅ VMID 7801: sankofa-portal-1 (192.168.11.51:3000) - **Running** - ✅ VMID 10230: order-vault (192.168.11.51) - **Running** **Host:** r630-01 (192.168.11.11) **Impact:** - Both containers claim same IP address - Network routing conflicts will occur - Sankofa Portal may not be accessible via correct IP **Verification:** ```bash # VMID 7801 (sankofa-portal-1) hostname: sankofa-portal-1 net0: name=eth0,bridge=vmbr0,gw=192.168.11.11,hwaddr=BC:24:11:0D:FB:EE,ip=192.168.11.51/24,type=veth status: running # VMID 10230 (order-vault) IP: 192.168.11.51 status: running ``` **Recommendation:** ⚠️ **URGENT** - Reassign order-vault to different IP --- ### Conflict 3: 192.168.11.52 ⚠️ **CRITICAL** **Containers with same IP:** - ✅ VMID 7802: sankofa-keycloak-1 (192.168.11.52:8080) - **Running** - ✅ VMID 10232: CT10232 (192.168.11.52) - **Running** **Host:** r630-01 (192.168.11.11) **Impact:** - Both containers claim same IP address - Network routing conflicts will occur - Keycloak authentication may fail **Verification:** ```bash # VMID 7802 (sankofa-keycloak-1) hostname: sankofa-keycloak-1 net0: name=eth0,bridge=vmbr0,gw=192.168.11.11,hwaddr=BC:24:11:C8:D9:B8,ip=192.168.11.52/24,type=veth status: running # VMID 10232 (CT10232) IP: 192.168.11.52 status: running ``` **Recommendation:** ⚠️ **URGENT** - Reassign CT10232 to different IP --- ## Conflict Resolution Recommendations ### Priority 1: Immediate Actions ⚠️ **CRITICAL** **Recommended IP Reassignments:** 1. **VMID 10070 (order-legal):** - **Current:** 192.168.11.50 ⚠️ CONFLICT - **Recommended:** 192.168.11.54 (available) - **Action:** Update container network configuration 2. **VMID 10230 (order-vault):** - **Current:** 192.168.11.51 ⚠️ CONFLICT - **Recommended:** 192.168.11.55 (available) - **Action:** Update container network configuration 3. **VMID 10232 (CT10232):** - **Current:** 192.168.11.52 ⚠️ CONFLICT - **Recommended:** 192.168.11.56 (available) - **Action:** Update container network configuration **Rationale:** - Sankofa services (7800-7803) are production services and should keep their IPs - Order services can be reassigned to new IPs - Available IPs identified: 192.168.11.54-56 --- ## Resolution Steps ### Step 1: Verify IP Availability **Check available IPs in range 192.168.11.54-56:** ```bash # Verify IPs are not in use for ip in 192.168.11.54 192.168.11.55 192.168.11.56; do ping -c 1 -W 1 $ip > /dev/null 2>&1 && echo "$ip: IN USE" || echo "$ip: AVAILABLE" done ``` ### Step 2: Update Container Network Configuration **For VMID 10070 (order-legal):** ```bash # Stop container pct stop 10070 # Update network configuration pct set 10070 --net0 name=eth0,bridge=vmbr0,gw=192.168.11.11,ip=192.168.11.54/24,type=veth # Start container pct start 10070 # Verify new IP pct exec 10070 -- hostname -I ``` **For VMID 10230 (order-vault):** ```bash # Stop container pct stop 10230 # Update network configuration pct set 10230 --net0 name=eth0,bridge=vmbr0,gw=192.168.11.11,ip=192.168.11.55/24,type=veth # Start container pct start 10230 # Verify new IP pct exec 10230 -- hostname -I ``` **For VMID 10232 (CT10232):** ```bash # Stop container pct stop 10232 # Update network configuration pct set 10232 --net0 name=eth0,bridge=vmbr0,gw=192.168.11.11,ip=192.168.11.56/24,type=veth # Start container pct start 10232 # Verify new IP pct exec 10232 -- hostname -I ``` ### Step 3: Update Service Configuration **Update any service configurations that reference old IPs:** - Order service configurations - Service discovery configurations - Load balancer configurations - Documentation ### Step 4: Verify Resolution **Verify no conflicts remain:** ```bash # Check for duplicate IPs for ip in 192.168.11.50 192.168.11.51 192.168.11.52 192.168.11.54 192.168.11.55 192.168.11.56; do echo "=== IP $ip ===" for host in 192.168.11.11 192.168.11.12 192.168.11.10; do ssh root@$host "for vmid in \$(pct list 2>/dev/null | tail -n +2 | awk '{print \$1}'); do ip_addr=\$(pct exec \$vmid -- hostname -I 2>/dev/null | awk '{print \$1}'); if [ \"\$ip_addr\" = \"$ip\" ]; then name=\$(pct config \$vmid 2>/dev/null | grep '^hostname:' | cut -d' ' -f2 || echo 'unknown'); echo \" $host: VMID \$vmid (\$name)\"; fi; done" 2>/dev/null done done ``` --- ## Available IP Addresses **Verified Available IPs in 192.168.11.0/24:** - 192.168.11.54 ✅ Available - 192.168.11.55 ✅ Available - 192.168.11.56 ✅ Available - 192.168.11.57 ✅ In use (firefly-ali-1) - 192.168.11.58-59 ⚠️ Need verification - 192.168.11.65+ ⚠️ Need verification **Recommendation:** Use 192.168.11.54-56 for reassignments (verified available) --- ## Impact Assessment ### Current Impact **Network Routing:** - ⚠️ Unpredictable routing behavior - ⚠️ Services may not be accessible via expected IPs - ⚠️ Load balancing will fail - ⚠️ Service discovery may fail **Service Availability:** - ⚠️ Sankofa services may experience intermittent failures - ⚠️ Order services may not be accessible - ⚠️ NPMplus routing may be incorrect ### After Resolution **Expected Improvements:** - ✅ Predictable network routing - ✅ All services accessible via correct IPs - ✅ Load balancing will work correctly - ✅ Service discovery will work correctly --- ## Recommended Resolution Timeline ### Immediate (Priority 1) ⚠️ **CRITICAL** 1. **Verify IP availability** (5 minutes) 2. **Resolve Conflict 1:** VMID 10070 (order-legal) → 192.168.11.54 (10 minutes) 3. **Resolve Conflict 2:** VMID 10230 (order-vault) → 192.168.11.55 (10 minutes) 4. **Resolve Conflict 3:** VMID 10232 (CT10232) → 192.168.11.56 (10 minutes) 5. **Verify resolution** (5 minutes) **Total Time:** ~40 minutes ### Follow-up (Priority 2) 6. **Update service configurations** (if needed) 7. **Update documentation** with new IPs 8. **Test service connectivity** 9. **Verify NPMplus routing** (if applicable) --- ## Verification Status ### Pre-Resolution **Conflicts Verified:** - ✅ 192.168.11.50: 2 containers (7800, 10070) - ✅ 192.168.11.51: 2 containers (7801, 10230) - ✅ 192.168.11.52: 2 containers (7802, 10232) ### Post-Resolution (Expected) **No Conflicts:** - ✅ 192.168.11.50: 1 container (7800 only) - ✅ 192.168.11.51: 1 container (7801 only) - ✅ 192.168.11.52: 1 container (7802 only) - ✅ 192.168.11.54: 1 container (10070 only) - ✅ 192.168.11.55: 1 container (10230 only) - ✅ 192.168.11.56: 1 container (10232 only) --- ## Summary **Critical Issues:** - ✅ 3 IP conflicts identified and verified - ✅ Resolution steps documented - ✅ Available IPs identified - ✅ Impact assessment completed **Next Steps:** 1. ⚠️ **URGENT** - Resolve IP conflicts immediately 2. Verify resolution 3. Update documentation 4. Test service connectivity **Priority:** ⚠️ **CRITICAL** - Network routing issues will occur until conflicts are resolved --- **Last Updated:** 2026-01-20 **Status:** ⚠️ **CRITICAL** - Action Required