cloudstack-dev mailing list archives

From Ove Ewerlid <Ove.Ewer...@oracle.com>
Subject Re: [VOTE] Apache CloudStack 4.3.0 (eighth round)
Date Fri, 14 Mar 2014 13:41:03 GMT
On 03/14/2014 01:57 PM, Nux! wrote:
> On 14.03.2014 12:06, Nux! wrote:
>> It looks like the traffic doesn't go in the right chains, all traffic
>> is accepted as FORWARD is set to ACCEPT.
>> There are zero packets going through BF-breth0-109.
>>
>> Here's outputs from:
>> iptables-save: http://paste.fedoraproject.org/85337/47982321/raw/
>> ebtables-save: http://paste.fedoraproject.org/85338/79831713/raw/
>> ipset -L: http://paste.fedoraproject.org/85339/79832613/raw/
>>
>> I will install 4.2.1 as that one was working and try to compare the
>> outputs.
>
> Ok, reinstalled with 4.2.1 and this one works as expected, all ingress
> is blocked unless stated otherwise. Here's the same outputs as earlier:
> iptables http://paste.fedoraproject.org/85350/1356139/raw/
> ebtables http://paste.fedoraproject.org/85351/80136613/raw/
> ipset -L http://paste.fedoraproject.org/85352/13948013/raw/
>
> Kindly look into this, it breaks a major feature.
>
> Lucian
>

I can confirm this observation.
The test was to install ACS42 and ACS43 in the same environment;

   - OEL65 (Oracle's variant of CentOS v65)
   - KVM hypervisor
   - Advanced with 3 shared networks (3 VLANs)
   - ACS421; official KVM system VM template
   - ACS43; latest 64 bit KVM system VM template
   - 24 hypervisors; 144Gbyte RAM / 24 Cores / 4TB local disk

SG works as expected in ACS42.
In ACS43, the iptables forward chain on hypervisors is empty and in 
policy ACCEPT, hence all traffic goes through.

The same set of automated install scripts was used in both cases so the 
installs are virtually identical.

/Ove


-- 
Ove Everlid
System Administrator / Architect / SDN- & Automation- & Linux-hacker
Mobile: +46706662363 (dedicated work mobile)
Country: Sweden, timezone; Middle European Time (MET or GMT+1)
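
A check for the condition reported in this thread, as an added example that is not part of the original messages or of CloudStack: it parses `iptables-save -c` output and flags an empty FORWARD chain with policy ACCEPT, or a jump to a `BF-` chain that has matched no packets. Both rule sets are constructed samples, and it is an assumption here that security-group filtering is reached by a jump from FORWARD to a `BF-` chain such as the `BF-breth0-109` named above.

```python
import re

CHAIN = re.compile(r"^:(\S+)\s+(\S+)\s+\[\d+:\d+\]$")
RULE = re.compile(r"^(?:\[(\d+):\d+\]\s+)?-A\s+(\S+)\s+(.*)$")
TARGET = re.compile(r"(?:^|\s)-[jg]\s+(\S+)")

# Constructed samples (not the pastes linked in the thread).
BROKEN = """*filter
:INPUT ACCEPT [120:9000]
:FORWARD ACCEPT [5400:610000]
:OUTPUT ACCEPT [98:7000]
:BF-breth0-109 - [0:0]
COMMIT
"""
WORKING = """*filter
:INPUT ACCEPT [120:9000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [98:7000]
:BF-breth0-109 - [0:0]
[5400:610000] -A FORWARD -o breth0-109 -m physdev --physdev-is-bridged -j BF-breth0-109
[12:720] -A BF-breth0-109 -j DROP
COMMIT
"""

def audit_forward(save_text):
    """Report the filter FORWARD policy, its jumps, and any findings."""
    table, policy, rules = None, None, []
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        if table != "filter":
            continue
        chain, rule = CHAIN.match(line), RULE.match(line)
        if chain and chain.group(1) == "FORWARD":
            policy = chain.group(2)
        elif rule and rule.group(2) == "FORWARD":
            # Counters are present only when saved with -c; None means unknown.
            pkts = int(rule.group(1)) if rule.group(1) is not None else None
            target = TARGET.search(rule.group(3))
            rules.append((target.group(1) if target else None, pkts))
    bf = [(t, p) for t, p in rules if t and t.startswith("BF-")]
    findings = []
    if policy == "ACCEPT" and not rules:
        findings.append("FORWARD is empty with policy ACCEPT")
    elif not bf:
        findings.append("FORWARD never jumps to a BF-* chain")
    findings += [f"jump to {t} has matched 0 packets" for t, p in bf if p == 0]
    return {"policy": policy, "rules": rules, "findings": findings}

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("working", WORKING)):
        print(name, audit_forward(text))
```

On a hypervisor, pass the text produced by `iptables-save -c` to `audit_forward`; without `-c` the packet counters are absent and the zero-packet check is skipped.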
