cloudstack-dev mailing list archives

From Chiradeep Vittal <>
Subject Re: SG broken in Adv zone with multiple shared networks (4.2)
Date Fri, 13 Dec 2013 23:40:55 GMT
My reading of is :
 - a VM can only be on 1 security-group-enabled network.

On 12/13/13 10:30 AM, "Nux!" <> wrote:

>It seems that using multiple shared networks in an Adv zone with
>Security groups breaks the security groups.
>Here's what happens:
>- install 4.2.1 SNAPSHOT.el6 (from Build Date: Thu 05 Dec 2013 13:19:49
>- create Adv zone with SG
>- add a shared network on vlan 109
>- add instances on it
>- create security groups
>- everything rocks, they can ping each other etc
>- create another shared network on vlan 999
>- stop the running instances
>- add the second network to the instances and start them
>- the instances get a new set of IPs for eth1 via DHCP BUT!
>- they can no longer access each other via the eth0 IPs; the SG seem to
>apply correctly, but only to the newly added network
>- the instances can also no longer access the router in their primary
>shared network (hence no more passwords reset and other features)
>For those good at firewalls, here's the iptables output from BEFORE
>adding the second network:
>And AFTER adding the second network and starting back the instances:
>If someone can confirm it's not me doing something stupid I can open a
>proper report in jira.
>Sent from the Delta quadrant using Borg technology!
