vShield firewalls in VMware vCloud Director can sometimes give errors with allocated IP addresses and claim that they are already in use, even though they are not. vCloud Director does have an option for IP address release timeout, but in my experience this doesn’t work every time. To change the default IP address release timeout, go to the Administration tab and select General from System Settings. You can find the network-related settings in the middle of the page, and from there you can set the time in seconds. I’ve kept this setting at 7200 seconds, which means 2 hours, which is the recommendation in vCloud Director.
Specifies how long to keep released IP addresses on hold before making them available for allocation again. This is typically set to 2 hours to allow old entries to expire from client ARP tables. IP addresses on hold are not shown in ‘IP Allocations’.
Now, in those cases where you receive an error when sub-allocating IP addresses on your vShield Edge firewall, there is a dirty fix to release IP addresses manually. Do note that you should always have a backup of your database and be 100% sure of what you do. Also, I do not take any responsibility if you break your own system.
Open a remote desktop connection to your vCloud Director database server and open SQL Server Management Studio (if you use Microsoft SQL Server). In your vCloud database you can find a table named dbo.allocated_ip_addresses (for example: [vcloud].[dbo].[allocated_ip_address]). You can select the top 1000 rows from this table to view its contents. You can see from the table that it contains a list of IP addresses and which network they are allocated to (scope_id column). If everything works as expected, the timeout value is set to 2h (if the timeout is 7200 seconds as mentioned before). If there is no timeout on the network and it’s not marked for release, it’s set to 9999-12-31 23:59:59.997. The state shows whether the address is being used or whether it should be free for the taking.
To release the IP address that is no longer in use, you can delete the row from this table with the following command.
DELETE FROM [vcloud].[dbo].[allocated_ip_address] WHERE address = 'aaa.bbb.ccc.ddd'
If you want to make sure, just add additional WHERE clauses! After this, the IP address will be available for sub-allocation on your vShield Edge firewall. Once you add the IP to a firewall, vCloud Director will add a new line to the dbo.allocated_ip_addresses table matching the same IP you just deleted from it.
Note: Make sure that you are deleting the CORRECT line from the database. If you delete the wrong one, it does screw up the vCD system.
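One way to apply the "additional WHERE clauses" advice and the note about deleting the correct line is to wrap the delete in a transaction that refuses to commit unless exactly one row matches. This is an added example, not part of the original post; it uses only the address and scope_id columns mentioned above, and it assumes the scope_id value can be written as a quoted literal copied from your own SELECT output.

```sql
-- Added example (T-SQL), not from the original post.
-- 'aaa.bbb.ccc.ddd' and '<scope_id>' are placeholders: use the address and the
-- scope_id value exactly as shown for the stale row in your own SELECT output.
SET XACT_ABORT ON;          -- any runtime error rolls the whole transaction back
DECLARE @matched int;

BEGIN TRANSACTION;

-- 1. Show the candidate row(s) so they can be checked and saved before deletion.
SELECT *
FROM   [vcloud].[dbo].[allocated_ip_address]
WHERE  address  = 'aaa.bbb.ccc.ddd'
  AND  scope_id = '<scope_id>';
SET @matched = @@ROWCOUNT;

IF @matched <> 1
BEGIN
    -- 2a. Zero or several matches: the filter is wrong, so change nothing.
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly 1 row, matched %d. Nothing was deleted.', 16, 1, @matched);
END
ELSE
BEGIN
    -- 2b. Exactly one match: delete it with the same filter.
    DELETE FROM [vcloud].[dbo].[allocated_ip_address]
    WHERE  address  = 'aaa.bbb.ccc.ddd'
      AND  scope_id = '<scope_id>';

    -- 3. Commit only if the DELETE removed exactly one row.
    IF @@ROWCOUNT = 1
        COMMIT TRANSACTION
    ELSE
        ROLLBACK TRANSACTION;
END
```

Save the result grid from step 1 before running the batch for real, so the deleted row can be re-inserted by hand if it turns out to be the wrong one.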