cloudstack-dev mailing list archives

From Tim Gipson <>
Subject Question concerning Virtual Routers and problems during failover
Date Tue, 12 Sep 2017 19:12:48 GMT
Hey all,

I’ve found what I think could be a possible issue with the redundant VPC router pairs in
CloudStack.  The issue was first noticed when routers were failing over from master to backup.
When the backup router became master, everything continued to work properly and traffic flowed
as normal.  However, when it failed from the new master back to the original master the virtual
router stopped allowing traffic through any network interfaces and any failover after that
resulted in virtual routers that were not passing traffic.

I can reproduce this behavior by doing a manual failover (logging in and issuing a reboot
command on the router) from master to backup and then back to the original master.  From what
I can tell, the iptables rules on the router are somehow modified during the failover (or
a manual reboot) in such a way as to make them completely nonfunctional.  I did a side-by-side
comparison of the iptables rules before and after a failover (or a manual reboot) and there
are definite differences.  Sometimes rules are changed, sometimes they are duplicated, and
I’ve even found that some rules are missing completely out of iptables.

We are running in a CentOS 7 environment and using KVM as our hypervisor.  Our CS version
is 4.8 with standard images for the VRs.  As mentioned previously, our VRs are in redundant
pairs for VPCs.

I’ve attached two iptables outputs, one from a working router and one from a broken router
after failover.

Any help or direction you could provide to help me further identify why this is happening
would be appreciated.


Tim Gipson
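
The side-by-side comparison described in the message above can be made repeatable with a short script. This is an added example, not part of the original message or of CloudStack: it parses two `iptables-save` dumps and reports, per table and chain, rules that are missing, added (a changed rule shows up as one of each), or duplicated. The two sample dumps and the function names are constructed for illustration; they are not the attachments from the message.

```python
import re
from collections import Counter

# Constructed sample dumps for illustration; not the attachments from the message.
WORKING = """*filter
:INPUT DROP [10:800]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [5:300]
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.10
COMMIT
"""
BROKEN = """*filter
:INPUT DROP [99:7000]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [7:420]
COMMIT
"""

def parse(dump):
    """Map (table, chain) -> ordered list of rule specs from iptables-save text."""
    chains, table = {}, ""
    for raw in dump.splitlines():
        line = re.sub(r"^\[\d+:\d+\]\s*", "", raw.strip())  # drop `-c` counters
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            chain, _, spec = line[3:].partition(" ")
            chains.setdefault((table, chain), []).append(spec)
    return chains

def compare(before, after):  # both arguments are iptables-save text
    b, a = parse(before), parse(after)
    report = {"missing": [], "added": [], "duplicated": []}  # relative to `before`
    for key in sorted(set(b) | set(a)):
        old, new = b.get(key, []), a.get(key, [])
        report["missing"] += [(*key, r) for r in dict.fromkeys(old) if r not in new]
        report["added"] += [(*key, r) for r in dict.fromkeys(new) if r not in old]
        report["duplicated"] += [(*key, r) for r, n in Counter(new).items() if n > 1]
    return report

if __name__ == "__main__":
    for kind, items in compare(WORKING, BROKEN).items():
        print(kind, *items, sep="\n  ")
```

Chain policy lines and packet counters are ignored, so only rule differences are reported; rule order within a chain is not compared.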

