cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Rich (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-591) Wrong vnet in iptables on KVM hypervisors after VM reboot
Date Thu, 06 Dec 2012 19:01:14 GMT
Bill Rich created CLOUDSTACK-591:
------------------------------------

             Summary: Wrong vnet in iptables on KVM hypervisors after VM reboot
                 Key: CLOUDSTACK-591
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-591
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Hypervisor Controller, KVM
    Affects Versions: pre-4.0.0
         Environment: Cloudstack 3.0.5 with KVM hypervisor using basic networking with security
groups
libvirt v 0.9.10
iptables v1.4.7
            Reporter: Bill Rich
            Priority: Minor


Sometimes when a VM is rebooted on KVM, the wrong vnet is listed in the iptables rules on
the hypervisor. 

For example, iptables and ebtables show that i-3-956 is on vnet3, but it is actually using
vnet0. Modifying the rules to use the correct interface restores network connectivity. This
behavior is inconsistent, but triggered by issuing a reboot from the OS.

iptables -L
Chain BF-br-public-IN (1 references)
...
i-3-956-def  all  --  anywhere             anywhere            PHYSDEV match --physdev-in
vnet3 --physdev-is-bridged 

Chain BF-br-public-OUT (1 references)
i-3-956-def  all  --  anywhere             anywhere            PHYSDEV match --physdev-out
vnet3 --physdev-is-bridged


ebtables -t nat -L

Bridge chain: PREROUTING, entries: 11, policy: ACCEPT
...
-i vnet3 -j i-3-956-VM-in

Bridge chain: POSTROUTING, entries: 11, policy: ACCEPT
...
-o vnet3 -j i-3-956-VM-out




--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message