cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [2/2] git commit: updated refs/heads/4.9 to 2e5373b
Date Wed, 07 Dec 2016 18:37:28 GMT
Merge pull request #1659 from murali-reddy/multiple_public_ip_ranges_non_vpc

CLOUDSTACK-9339 Virtual Routers don't handle Multiple Public Interfaces correctlyAs pointed
out in CLOUDSTACK-9339, in case of multiple public IP's from different public IP ranges are
associated with VR, VR functionality is broken from 4.6. Below are the brief list of problems
specific to non-VPC networks addressed in the PR. This PR handles both VPC and non-VPC scenarios.
- reverse traffic for the connections accepted on the eth3 and above public interfaces are
getting blocked. Need a rule for e.g "-A FORWARD -i  eth3 -o eth0 -m state --state RELATED,ESTABLISHED
-j ACCEPT" in the FORWARD chain of filter table to permit reverse path traffic for established
connections.
- outbound public traffic from eth0 to eth3 (or for interfaces above like eth4 eth5 etc) needs
rule to run through FW_OUTBOUND chain in the filter table
- network stats on public interfaces eth3 are getting gathered
- default gateway is missing in the device specific routing table, resulting in traffic to
be looked up in main routing table
- creating a device specific route table is generating "from all lookup Table_eth3" in the
  ip rules, resulting in rest of the traffic getting blocked.

Picked few commits from #1519 from dsclose (https://github.com/apache/cloudstack/pull/1519)
submitted for 4.7

Marvin tests are added to test below
- Static NAT works on the public interfaces above eth2, in case non-vpc networks
- Portforwarding works on the public interfaces above eth2, in case non-vpc networks
- Route tables are configured as expected for the device specific table for the public interfaces
above eth2, in case non-vpc networks
- IP tables rules are as expected for the traffic from and to the public interfaces above
eth2, in case non-vpc networks

* pr/1659:
  CLOUDSTACK-9339 Virtual Routers don't handle Multiple Public Interfaces correctly

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2e5373b7
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2e5373b7
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2e5373b7

Branch: refs/heads/4.9
Commit: 2e5373b7f8903494ab91308771dc89e463a5a6d4
Parents: decb2e4 6749785
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Wed Dec 7 23:59:38 2016 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Wed Dec 7 23:59:39 2016 +0530

----------------------------------------------------------------------
 .../facade/IpAssociationConfigItem.java         |    4 +-
 .../virtualnetwork/model/IpAddress.java         |    4 +-
 .../virtualnetwork/ConfigHelperTest.java        |   15 +-
 .../Ovm3VirtualRoutingResourceTest.java         |    2 +
 .../debian/config/opt/cloud/bin/configure.py    |    6 +
 .../debian/config/opt/cloud/bin/cs/CsAddress.py |   75 +-
 .../debian/config/opt/cloud/bin/cs/CsRoute.py   |   25 +-
 .../debian/config/opt/cloud/bin/cs/CsRule.py    |   18 +
 .../debian/config/opt/cloud/bin/cs_ip.py        |   11 +-
 .../test_multiple_public_interfaces.py          | 1312 ++++++++++++++++++
 10 files changed, 1432 insertions(+), 40 deletions(-)
----------------------------------------------------------------------



Mime
View raw message