cloudstack-issues mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-4084) [MultipleIPsPerNic] [ExternalDevices] After Network GC, staticNat is not working If the staticNat is on primary guest IP
Date Tue, 06 Aug 2013 11:04:48 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-4084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13730648#comment-13730648 ]

ASF subversion and git services commented on CLOUDSTACK-4084:
-------------------------------------------------------------

Commit 6164077ee88786bc80b895f889b45c17fdf7ae2e in branch refs/heads/master from [~jayapal]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=6164077 ]

CLOUDSTACK-4084 Fixed the static nat vm ip address in public ip address table in external
network gc

    In external network after network GC the network n/w cidr changes.
    In this case the static nat enabled vm ip also changes. So updated the new
    vm ip address in user_ip_address table.

                
> [MultipleIPsPerNic] [ExternalDevices] After Network GC, staticNat is not working If the staticNat is on primary guest IP
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4084
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4084
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>         Environment: commit # 
>            Reporter: venkata swamybabu budumuru
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.2.0
>
>         Attachments: logs.tgz
>
>
> Steps to reproduce:
> 1. Have latest CloudStack setup with at least 1 adv zone using KVM hosts
> 2. Make sure network.gc.interval and wait are set to "100" seconds 
> 3. Have at least one network offering of type "isolated" and with all services enabled where LB is provided by NS and other services are provided by VR.
> mysql> select * from network_offerings where id=15\G 
> *************************** 1. row *************************** 
>                        id: 15 
>                      name: NetworkOffering with NS 
>                      uuid: 4aaf5c58-6d45-4213-8c26-0b2b6f6792c5 
>               unique_name: NetworkOffering with NS 
>              display_text: NetworkOffering with NS 
>                   nw_rate: NULL 
>                   mc_rate: 10 
>              traffic_type: Guest 
>                      tags: NULL 
>               system_only: 0 
>              specify_vlan: 0 
>       service_offering_id: NULL 
>             conserve_mode: 0 
>                   created: 2013-08-05 07:30:38 
>                   removed: NULL 
>                   default: 0 
>              availability: Optional 
>      dedicated_lb_service: 0 
> shared_source_nat_service: 0 
>                  sort_key: 0 
>  redundant_router_service: 0 
>                     state: Enabled 
>                guest_type: Isolated 
>        elastic_ip_service: 0 
>   eip_associate_public_ip: 0 
>        elastic_lb_service: 0 
>         specify_ip_ranges: 0 
>                    inline: 0 
>             is_persistent: 0 
>               internal_lb: 0 
>                 public_lb: 1 
>     egress_default_policy: 1 
>    concurrent_connections: NULL 
> mysql> select * from ntwk_offering_service_map where network_offering_id=15; 
> +----+---------------------+----------------+---------------+---------------------+ 
> | id | network_offering_id | service | provider | created | 
> +----+---------------------+----------------+---------------+---------------------+ 
> | 58 | 15 | Dhcp | VirtualRouter | 2013-08-05 07:30:38 | 
> | 55 | 15 | Dns | VirtualRouter | 2013-08-05 07:30:38 | 
> | 60 | 15 | Firewall | VirtualRouter | 2013-08-05 07:30:38 | 
> | 59 | 15 | Lb | Netscaler | 2013-08-05 07:30:38 | 
> | 54 | 15 | PortForwarding | VirtualRouter | 2013-08-05 07:30:38 | 
> | 56 | 15 | SourceNat | VirtualRouter | 2013-08-05 07:30:38 | 
> | 53 | 15 | StaticNat | VirtualRouter | 2013-08-05 07:30:38 | 
> | 57 | 15 | UserData | VirtualRouter | 2013-08-05 07:30:38 | 
> | 61 | 15 | Vpn | VirtualRouter | 2013-08-05 07:30:38 | 
> +----+---------------------+----------------+---------------+---------------------+ 
> 4. deploy a VM using the network that is created using above offering and then create the following rules
> NOTE : Guest got a primary address as 10.0.0.62/20
> (i) Create PF rule that maps to  the primary guest ip
> mysql> select * from user_ip_address where public_ip_address like '%10.147.44.65%'\G
> *************************** 1. row ***************************
>                  id: 6
>                uuid: f6a454d8-ab7f-4b3b-a763-f6cf1a14b219
>          account_id: 3
>           domain_id: 2
>   public_ip_address: 10.147.44.65
>      data_center_id: 1
>          source_nat: 0
>           allocated: 2013-08-05 09:51:26
>          vlan_db_id: 1
>      one_to_one_nat: 0
>               vm_id: NULL
>               state: Allocated
>         mac_address: 16
>   source_network_id: 200
>          network_id: 210
> physical_network_id: 200
>           is_system: 0
>              vpc_id: NULL
>           dnat_vmip: NULL
>         is_portable: 0
> (ii) Create a staticNat rule that maps to the primary guest ip
> mysql> select * from user_ip_address where public_ip_address like '%10.147.44.64%'\G
> *************************** 1. row ***************************
>                  id: 5
>                uuid: 16ed5cfa-795d-48a1-b11d-7c6fe3f2bbd7
>          account_id: 3
>           domain_id: 2
>   public_ip_address: 10.147.44.64
>      data_center_id: 1
>          source_nat: 0
>           allocated: 2013-08-05 09:48:05
>          vlan_db_id: 1
>      one_to_one_nat: 1
>               vm_id: 10
>               state: Allocated
>         mac_address: 15
>   source_network_id: 200
>          network_id: 210
> physical_network_id: 200
>           is_system: 0
>              vpc_id: NULL
>           dnat_vmip: 10.0.0.62
>         is_portable: 0
> 1 row in set (0.00 sec)
> (iii) Initially for the above network the CIDR given to it is : 10.0.0.0/20
> 5. Make sure all the above rules are working. Now, power off the userVM and wait till network GC
> Observations:
> (i) After GC, the above network got 10.0.80.0/20 as CIDR and everything worked fine without issues except StaticNat rule.
> (ii) When I tried to ssh to 10.147.44.64 then it failed. Checked the VR for the rule and found that it is still programming staticNat with old guest ip i.e. 10.0.0.62 instead of new guest ip i.e. 10.0.80.62/20.
> Note : PF went fine without any issues.
> here is the snippet from VR.
> root@r-15-VM:~# iptables -L -nv -t nat
> Chain PREROUTING (policy ACCEPT 40 packets, 4127 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DNAT       all  --  eth2   *       0.0.0.0/0            10.147.44.64        to:10.0.0.62
>     0     0 DNAT       all  --  eth0   *       0.0.0.0/0            10.147.44.64        to:10.0.0.62
>     0     0 DNAT       tcp  --  eth2   *       0.0.0.0/0            10.147.44.65        tcp dpt:22 to:10.0.80.62:22
>     0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            10.147.44.65        tcp dpt:22 to:10.0.80.62:22
> Chain INPUT (policy ACCEPT 23 packets, 1882 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> Chain OUTPUT (policy ACCEPT 1 packets, 341 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.147.44.65        tcp dpt:22 to:10.0.80.62:22
> Chain POSTROUTING (policy ACCEPT 1 packets, 341 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 SNAT       all  --  *      eth2    10.0.0.62            0.0.0.0/0           to:10.147.44.64
>     0     0 SNAT       all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           to:10.147.44.63
>     0     0 SNAT       all  --  *      eth0    10.0.80.0/20         10.0.0.62           to:10.0.80.1
>     0     0 SNAT       tcp  --  *      eth0    10.0.80.0/20         10.0.80.62          tcp dpt:22 to:10.0.80.1
> (iii) After GC, when I checked the user_ip_address table then I found that it still has dnat_vmip set to "10.0.0.62" and I am doubting that this is causing the issue. Ideally we should have cleaned this during GC and should be setting this during rule reprogramming.
> Attaching all the required logs along with db dump to the bug.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
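
A consistency check for the condition reported above, as an added example that is not part of the original message or of CloudStack: it parses `iptables -L -nv -t nat` output and reports NAT rules whose guest-side address falls outside the network's current guest CIDR. The function name `stale_nat_rules` is hypothetical, and the sample is a subset of the VR output quoted in the report, with wrapped lines rejoined.

```python
import ipaddress
import re

# Subset of the VR snippet from the report, wrapped lines rejoined.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 40 packets, 4127 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       all  --  eth2   *       0.0.0.0/0            10.147.44.64        to:10.0.0.62
    0     0 DNAT       tcp  --  eth2   *       0.0.0.0/0            10.147.44.65        tcp dpt:22 to:10.0.80.62:22
Chain POSTROUTING (policy ACCEPT 1 packets, 341 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth2    10.0.0.62            0.0.0.0/0           to:10.147.44.64
    0     0 SNAT       all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           to:10.147.44.63
"""

def stale_nat_rules(iptables_text, guest_cidr):
    """Return (chain, target, public_ip, guest_ip) for NAT rules whose
    guest-side address lies outside the current guest CIDR."""
    net = ipaddress.ip_network(guest_cidr)
    stale, chain = [], None
    for line in iptables_text.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            chain = f[1]
            continue
        # Rule rows: pkts bytes target prot opt in out source destination [extras]
        if len(f) < 10 or f[2] not in ("DNAT", "SNAT"):
            continue
        to = re.search(r"\bto:(\d+\.\d+\.\d+\.\d+)", line)
        if not to:
            continue
        if f[2] == "DNAT":
            # Guest side is the translation target.
            public_ip, guest_ip = f[8], to.group(1)
        else:
            # Guest side is the source; skip subnet/any sources (source NAT).
            if "/" in f[7]:
                continue
            public_ip, guest_ip = to.group(1), f[7]
        if ipaddress.ip_address(guest_ip) not in net:
            stale.append((chain, f[2], public_ip, guest_ip))
    return stale

if __name__ == "__main__":
    for rule in stale_nat_rules(SAMPLE, "10.0.80.0/20"):
        print(rule)
```

Run against the post-GC CIDR 10.0.80.0/20, it flags the static NAT pair for 10.147.44.64 and leaves the port-forwarding rule for 10.147.44.65 alone, matching the observations in the report.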
